< img src = "/uploads/blogs/53/a4/ib-fqv74v7b4_7b271523.jpg" Alt = "hackers infected Ballista Thousand TP-LINK"/> < p > reports the launch of hackers of a new Botnet-attack campaign aimed at TP-Link routers, which resulted in more than 6,000 devices.
< P > Botnet Ballista operates the vulnerability of remote code (RCE) in the TP-Link Archer AX-21 model. After initial penetration, harmful software is loaded to the router and launches a script that loads and performs a binary file. & Amp; nbsp; then installed control channel (C2) on port 82, which allows the attackers to fully control the device. < Br /> 62 ~ /P ~ 62 < p > The program is capable of executing remote commands, executing DDOS-attacks, viewing configuration files and hiding its presence. It can also extend to other routers. & Amp; nbsp; most infected devices have been found in Brazil, Poland, Great Britain, Bulgaria and Turkey, and the main goals of attacks are medical and technological companies from the US, Australia, China and Mexico.
Considering the use of Italian IP address and language, researchers have attributed an attack by hackers from Italy. & Amp; nbsp; however, the initial IP is no longer working, it was replaced by a new one that uses TOR domains, which indicates the continuation of the development of harmful software. < P > Experts recommend installing security updates for TP-Link Archer AX-21, available on the company's official website, with the instructions for its adjustment. ~ ~