
It's not clear that the distribution mechanism and many of the other requirements would be so broadly met that "access to most servers on the internet" is a correct description of the scope.

Or that, once in the wild, the author would have their pick of the litter when choosing targets. It's also true that the exploit has several kill switches in it, and so even vulnerable servers could be protected by simply setting an environment variable.

Which, honestly, makes this entire attack all the more strange. It had incredibly unclear value and longevity. It makes me wonder if the author didn't have different, parallel aims, or if this wasn't a type of practice run for a larger attack in the future.




Since they would have "their pick of the litter", why did they then include kill switches? A scary scenario is a rerun of the Viasat hack (https://en.wikipedia.org/wiki/Viasat_hack), i.e. wipe all servers worldwide on the morning of an attack, but before that you install the kill switches on your servers and those of your allies.


To make it harder to detect and reverse engineer. There's a plethora of disabling functionality in the exploit. This is bad, but the original post is being hyperbolic.



