Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 routers vulnerable to a command injection security issue reported and addressed last year.
Yesterday, Fortinet issued another warning saying that it observed a surge in the malicious activity exploiting the vulnerability, noting that it originated from six botnet operations.
"Recently, we observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent 'AGoent,' and the Gafgyt Variant."
Each of these botnets utilizes different methods and scripts to exploit the vulnerability, establish control over the compromised devices, and command them to take part in malicious activities such as distributed denial of service attacks.
Gafgyt variant: Specializes in DDoS attacks by downloading scripts to execute Linux binaries and maintaining persistent connections to C&C servers.
Moobot: Known for initiating DDoS attacks, it fetches and executes a script to download ELF files, executes them based on architecture, and then removes traces.