Security News > 2021 > November > EwDoor botnet targets AT&T network edge devices at US firms

EwDoor botnet targets AT&T network edge devices at US firms
2021-11-30 17:26

A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old critical severity Blind Command Injection security flaw.

The botnet, dubbed EwDoor by researchers at Qihoo 360's Network Security Research Lab, targets AT&T customers using EdgeMarc Enterprise Session Border Controller edge devices.

360 Netlab spotted the botnet on October 27 when the first attacks targeting Internet-exposed Edgewater Networks' devices unpatched against the critical CVE-2017-6079 vulnerability started.

During the three hours they had before the botnet's operators switched to a different C2 network communication model, 360 Netlab could spot roughly 5,700 infected devices.

"By back-checking the SSl certificates used by these devices, we found that there were about 100k IPs using the same SSl certificate. We are not sure how many devices corresponding to these IPs could be infected, but we can speculate that as they belong to the same class of devices the possible impact is real."

Our latest blog is about EwDoor Botnet, all its infected devices are located in US, we saw around 6k compromised ips in a short 3 hours time window https://t.


News URL

https://www.bleepingcomputer.com/news/security/ewdoor-botnet-targets-atandt-network-edge-devices-at-us-firms/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2017-05-16 CVE-2017-6079 Unspecified vulnerability in Ribboncommunications Edgemarc Firmware
The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set.
network
low complexity
ribboncommunications
critical
10.0