🤖 Ballista Botnet Exploits Unpatched TP-Link Vulnerability to Infect Over 6,000 Devices

chushpan

👉 Unpatched TP-Link Archer routers have been targeted by a new botnet campaign dubbed Ballista, according to new data obtained by the Cato CTRL team.

🗞 “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread automatically across the internet”, security researchers Ofek Vardi and Matan Mittelman wrote in a technical report.

📰 CVE-2023-1389 is a high-severity security flaw affecting TP-Link Archer AX-21 routers that can lead to command injection, which subsequently opens the path to remote code execution.

📌 The first evidence of active exploitation of this flaw dates back to April 2023, when unknown threat actors used it to distribute the Mirai botnet malware. Since then, it has also been used to distribute other malware families, such as Condi and AndroxGh0st.
 