It's interesting that this malware only targets certain models of Dell PowerEdge servers with particular RAID controllers. Since the average terrorist isn't likely to be using one of these, it would seem that the purpose of this malware is for spying on businesses or government agencies.
I think the biggest "scandal" we haven't seen the leakers talk about is the intelligence for US business interests.
As in the NSA literally going after foreign businesses and then turning around, and giving that information 1:1 to US corporations. That should be a pretty big scandal considering how much the US prides itself on being a capitalist market (i.e. survival of the fitness, not best politically connected).
But the US has a long history of this, and frankly at least they stopped starting wars in South American on the behest of US businesses so that's something...
Thanks to reveals like Echelon (https://en.wikipedia.org/wiki/ECHELON), every big/strategic (e.g. energy/arms) business in Europe has been aware of this since the late 80s (at least). For instance in the 90s, a common strategy when negotiating with US companies was to send misinformation via email or fax internally knowing that the NSA would pass it on. From the results of the negotiations it appeared that the NSA were not aware that they were being played in this way.
Anyway, so that's why I think you're not hearing too much about that scandal - it comes as no shock to anyone it affects.
In the intro the author explains that the likely targets are client computers connecting to these servers. Later he explains how the specific hardware requirements (PowerEdge gen 8 & 9 + PERC RAID controller) are likely due to the storage requirements of the malware dropper. These generations of PowerEdge servers were very common in many datacenters, so it makes a lot of sense to target them. It also seems likely that other makes and models have been targeted by similar malware components, however this article is specifically about DEITYBOUNCE.
"National security" was never just about terrorists. It is also spying on foreign governments, companies and other organizations, most of whom would be running servers.
Are you well-acquainted with the census of popular server hardware among terrorists organizations? If so, please elaborate. If not, tell us what could possibly lead you to write such a comment.
I get the impression that most violent terrorist groups are rather low-tech and are not using _any_ server hardware. If you're aware of terrorists routinely operating DCs or co-locating servers, feel free to correct my understanding.
