Security News > 2024 > April > Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 routers vulnerable to a command injection security issue reported and addressed last year.
Yesterday, Fortinet issued another warning saying that it observed a surge in the malicious activity exploiting the vulnerability, noting that it originated from six botnet operations.
"Recently, we observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent"AGoent," and the Gafgyt Variant.
Each of these botnets utilizes different methods and scripts to exploit the vulnerability, establish control over the compromised devices, and command them to take part in malicious activities such as distributed denial of service attacks.
Gafgyt variant: Specializes in DDoS attacks by downloading scripts to execute Linux binaries and maintaining persistent connections to C&C servers.
Moobot: Known for initiating DDoS attacks, it fetches and executes a script to download ELF files, executes them based on architecture, and then removes traces.