1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Mirai malware targeting top TP-Link routers to hijack into DDoS a

    From TechnologyDaily@1337:1/100 to All on Wed Apr 26 16:30:03 2023
    Mirai malware targeting top TP-Link routers to hijack into DDoS attacks

    Date:
    Wed, 26 Apr 2023 15:14:36 +0000

    Description:
    TP-Link routers in Eastern Europe were the first to be targeted with a high-severity flaw.

    FULL STORY ======================================================================

    Experts have detected a high-severity security flaw in certain TP-Link Wi-Fi routers thats currently being used to hijack the devices and recruit them
    into a vast botnet that would later be used for Distributed Denial of Service (DDoS) attacks.

    A report from the Zero Day Initiative (ZDI), a program created to encourage the reporting of zero-day vulnerabilities privately to the affected vendors found that since mid-April this year, threat actors started abusing CVE-2023-1389, a high-severity flaw found in TP-Link Archer A21 (AX1800)
    Wi-Fi routers.

    The flaw, carrying a severity score of 8.8, is described as an
    unauthenticated command injection flaw in the locale API of the web
    management interface on the device. Mirai expanding

    Hackers are using the flaw to deploy the Mirai malware , ZDI further states, which turns the targeted device into a bot for the Mirai botnet. They first targeted routers in Eastern Europe earlier this month, only to expand
    globally later on.

    TP-Link was tipped off on the existence of the zero-day in January this year, after two separate research groups demonstrated how to abuse the flaw during the Pwn2Own Toronto hacking event in December 2022. The company first tried
    to fix the issue in late February, but the patch was incomplete and the devices remained vulnerable. Read more

    A new Mirai variant is attacking Linux devices to build a beastly DDoS
    botnet


    Mirai botnet now targeting critical flaw in thousands of routers


    These are the best ransomware protection tools around

    Last month, however, TP-Link issued a new firmware update that successfully addressed CVE-2023-1389. IT admins and owners of the Archer AX21 AX1800 Wi-Fi router should make sure their devices hardware is updated at least to version 1.1.4 Build 20230219.

    Some of the symptoms of a compromised router include frequent disconnections from the internet, changes on the devices network settings that no one seems to have made, the resetting of administrator credentials, and the
    inexplicable overheating of the router. Check out the best endpoint
    protection software around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/mirai-malware-targeting-top-tp-link-routers-to- hijack-into-ddos-attacks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)