“The U.S. government effort to stop the attack “was effective at knocking down their command and control. But — and this is a ‘but’ we haven’t seen talked about that much — there was a persistent ‘stage one’ on all of those routers,” said Joyce. “If it was at a stage-two or stage-three implant, it knocked it back to one, which was power- and reboot-persistent. At that point, we couldn’t call back out via those two methods to re-establish command and control,” he told the crowd.
Bottom line: “It’s still on those routers and if you know the wake-up knock you can go in, control those routers, and put a stage two or three back on them… What do you think the odds are that the actors in Russia who put those down have the addresses of the places where the put the malware? I think it’s pretty high,” he said.”