🤖 Ballista Botnet Exploits Unpatched TP-Link Vulnerability to Infect Over 6,000 Devices

chushpan

chushpan

Professional
Messages
1,090
Reaction score
1,051
Points
113
👉 Unpatched TP-Link Archer routers have been targeted by a new botnet campaign dubbed Ballista, according to new data obtained by the Cato CTRL team.

🗞 “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread automatically across the internet”, security researchers Ofek Vardi and Matan Mittelman wrote in a technical report.

📰 CVE-2023-1389 is a high-severity security flaw affecting TP-Link Archer AX-21 routers that can lead to command injection, which subsequently opens the path to remote code execution.

📌 The first evidence of active exploitation of this flaw dates back to April 2023, when unknown threat actors used it to distribute the Mirai botnet malware. Since then, it has also been used to distribute other malware families, such as Condi and AndroxGh0st.
 
You must log in or register to reply here.

Similar threads

Father
Botnet in every home: Hackers Once again enslave TP-Link routers for DDoS Attacks
Replies
0
Views
191
Father
Father
Man
Mozi Botnet Reborn: Androxgh0st Actively Hunts Servers and IoT
Replies
0
Views
99
Man
Man
Friend
TP-Link routers: a bridge for Chinese hackers to US networks
Replies
0
Views
99
Friend
Friend
Friend
Unpatched Vulnerability in AVTECH IP Cameras Used by Mirai Botnet
Replies
0
Views
164
Friend
Friend
Man
Botnet of thousands of TP-Link routers mobilized to brute-force Azure accounts
Replies
0
Views
105
Man
Man
Back
Top