Botnet Ballista: TP-Link Router’s Ancient Achilles’ Heel Unleashed!
Cato Networks has discovered the Ballista botnet exploiting TP-Link Archer routers through CVE-2023-1389. Linked to an Italian threat actor, Ballista targets sectors worldwide. It spreads malware via a dropper, sets up encrypted control channels, and can launch DDoS attacks. Over 6,000 vulnerable devices are exposed online.

Hot Take:
Well, it looks like the Roman Empire is back, but this time they’re not launching actual missiles, just digital ones. The Ballista botnet is taking aim at TP-Link Archer routers, proving that even ancient names can have a modern twist. Watch out, your Wi-Fi might just be under siege by these cyber gladiators!

Key Points:
- Cato Networks discovered a new IoT botnet named Ballista, targeting TP-Link Archer routers.
- The botnet exploits CVE-2023-1389, a vulnerability that was discovered at a hacker competition in 2022.
- Ballista has been linked to an unnamed Italian threat actor, with activity detected in early 2023.
- More than 6,000 internet-exposed devices could be vulnerable to this botnet.
- The malware uses a TLS-encrypted C2 channel to execute various commands, including launching DDoS attacks.