Experts at Check Point found the author of the botnet Satori. They were an amateur hacker under the nickname Nexus Zeta. The researchers tracked him to the e-mail address to which he registered the domains used in Satori, and the account on the hacker’s forum.
The amateur level of the Check Point hacker was determined by the content of his rare posts.
On November 22, the day before the start of Satori’s activity, an entry appeared on the forum in which the hacker asks for help in launching the Mirai botnet (Satori is a variation of Mirai).
Bleeping Computer wonders if the hacker himself found out about the 0day vulnerability in Huawei devices or bought this information somewhere else.