There is no RPi vulnerability (in this article). The RPi was just used as a bastion into the internal network. It could have been any SBC. Once you're already inside the internal network things get stupid lax.
E.g. I can't see your Windows shared folders from the internet, but the PC in the next room can. Someone sneaked an RPi into JPL to be that PC in the next room.
See also: Season 1 of Mr Robot had this exact scenario as a plot point.
> The comprehensive federal review of JPL’s systems stemmed from an April 2018 incident when someone at JPL attached the Raspberry Pi to the network there for an unknown purpose
Basically, someone plugged in a computer to the corporate network that happened to be a Raspberry Pi. Might as well have been a Beaglebone, a Banana Pi or an Intel NUC for that matter.
Probably just ssh enabled with the default credentials. IIRC, Raspberry Pis have their own MAC address prefix, so it's pretty obvious when you find one.
Not impossible to imagine the credentials were the unchanged default pi/raspberry... (I imagine quite a few people who haven't done much w/ a Pi don't even run raspi-config) I assume you can scan for similar exposed RPis with Shodan etc.
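The MAC-prefix remark in the thread above, written out as a defender-side inventory check. This is an added example, not code from any commenter or from the article. The OUI list is partial and should be refreshed from the IEEE registry, the neighbour-table lines are constructed, and the function names are hypothetical. A locally administered (randomized or hand-set) MAC is flagged separately, because a changed MAC defeats the prefix check.

```python
import re

# Partial list of OUIs registered to Raspberry Pi (Foundation / Trading Ltd).
# Assumption: refresh from the IEEE OUI registry before relying on it.
RPI_OUIS = {"B827EB", "DCA632", "E45F01", "D83ADD", "2CCF67", "28CDC1"}

# Colon/hyphen form (aa:bb:cc:dd:ee:ff) or dotted form (aabb.ccdd.eeff).
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b"
                    r"|\b(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def classify(mac):
    """Return 'rpi-oui', 'locally-administered' or 'other' for one MAC."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).upper()
    if int(digits[:2], 16) & 0x02:  # U/L bit set: vendor cannot be inferred
        return "locally-administered"
    return "rpi-oui" if digits[:6] in RPI_OUIS else "other"

def scan(neigh_text):
    """Return (ip, mac, verdict) for every entry worth a closer look."""
    findings = []
    for line in neigh_text.splitlines():
        mac = MAC_RE.search(line)
        if not mac:
            continue  # FAILED/INCOMPLETE entries carry no link-layer address
        ip = IP_RE.search(line)
        verdict = classify(mac.group())
        if verdict != "other":
            findings.append((ip.group() if ip else "?",
                             mac.group().lower(), verdict))
    return findings

# Constructed sample: neighbour-table lines in mixed MAC notations.
SAMPLE = """\
10.20.0.1 dev eth0 lladdr 00:1b:21:3c:4d:5e REACHABLE
10.20.0.57 dev eth0 lladdr b8:27:eb:12:34:56 STALE
10.20.0.88 dev eth0 lladdr DC-A6-32-AA-BB-CC REACHABLE
10.20.0.91 dev eth0 lladdr 3a:5f:01:9c:2e:10 REACHABLE
10.20.0.99 dev eth0  FAILED
"""

if __name__ == "__main__":
    for ip, mac, verdict in scan(SAMPLE):
        print(f"{ip:<12} {mac}  {verdict}")
```

An OUI hit is a lead for the asset inventory, not proof of the device type; switch port and DHCP lease records are what tie the address to a physical location.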