Security News > 2021 > December > AT&T Takes Steps to Mitigate Botnet Found Inside Its Network
Researchers from Netlab, a network security division of Chinese tech giant Qihoo 360, first discovered what they characterized as a "Brand-new botnet" attacking Edgewater Networks devices, using a vulnerability in EdgeMarc Enterprise Session Border Controllers, tracked as CVE-2017-6079.
Netlab eventually identified the devices as belonging to AT&T, which confirmed the existence of the botnet to analyst firm Recorded Future's The Record.
After installation on an infected device, it collects device information, then performs a few common tasks such as establishing persistence and other functions.
One interesting aspect of the botnet and the servers that have been commandeered by attackers is that researchers found that there were about 100,000 IPs using the same SSL certificate.
"We are not sure how many devices corresponding to these IPs could be infected, but we can speculate that as they belong to the same class of devices the possible impact is real," researchers wrote.
If this is the case, AT&T will have to "Urgently take action" to secure any server or device exposed to an outside network to ensure that no one is accessing the network by exploiting unencrypted ports, he explained.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-16 | CVE-2017-6079 | Unspecified vulnerability in Ribboncommunications Edgemarc Firmware The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. | 10.0 |