TP-Link routers are exposed to massive bot and malware attacks

Hackers are still trying to break into vulnerable TP-Link Wi-Fi routers. A Fortinet report claims that botnet operators are looking for vulnerable TP-Link Archer AX21 routers after cybersecurity researchers discovered a vulnerability to unauthorized command injection in such routers early last year, TechRadar reports.

The vulnerability, CVE-2023-1389, was patched a few months later, in March 2023.

Despite the announcement of the vulnerability’s closure, Fortinet found that the number of attempts to exploit this exploit is up to 50,000 per day even today.

“Recently, we observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt Variant”, Fortinet’s report says.

Various variants of Mirai and a botnet called “Condi” have been identified as attacking TP-Link routers since the vulnerability was first disclosed.

Mirai is considered one of the largest and most destructive botnets.

Hackers are always looking for vulnerable devices connected to the Internet, such as smart home devices, smart speakers, routers, computers, etc. When they find such devices, they infect them with malware that allows them to execute specific commands.

The most popular use case is distributed denial-of-service (DDoS) attacks, in which compromised devices are instructed to send meaningless traffic to the target.