
The malicious network, made up almost entirely of TP-Link routers, was first documented in October 2023 by a researcher who named it Botnet-7777. The geographically dispersed collection of more than 16,000 compromised devices at its peak got its name because it exposes its malicious malware on port 7777.
In July and again in August of this year, security researchers from Serbia and Team Cymru reported the botnet was still operational. All three reports said that Botnet-7777 was being used to skillfully perform password spraying, a form of attack that sends large numbers of login attempts from many different IP addresses. Because each individual device limits the login attempts, the carefully coordinated account-takeover campaign is hard to detect by the targeted service.
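The detection gap described in the excerpt above, shown as an added example that is not part of the original post or the quoted reporting: a per-IP failure threshold sees nothing when every source stays under the limit, while an aggregate rule over a time window does. The event tuples, function names, thresholds and addresses are all constructed assumptions.

```python
from collections import defaultdict

def build_sample_events():
    """Constructed sample of (epoch_seconds, source_ip, username, success)."""
    events = []
    # 40 distinct sources, 2 failed logins each, every attempt on a different account
    for i in range(40):
        ip = f"198.51.100.{i + 1}"
        for j in range(2):
            events.append((1000 + i * 20 + j, ip, f"user{i * 2 + j}", False))
    # One ordinary user who mistypes a password twice, then logs in
    events += [(1100, "203.0.113.9", "alice", False),
               (1105, "203.0.113.9", "alice", False),
               (1110, "203.0.113.9", "alice", True)]
    return events

def per_ip_alerts(events, max_failures=5):
    """Lockout-style rule: alert only when one IP exceeds max_failures."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def spray_windows(events, window=3600, min_ips=20, min_users=20, max_per_ip=3):
    """Aggregate rule over fixed (non-sliding) windows: many low-volume failing
    sources, none of which logged in successfully, hitting many accounts."""
    buckets = defaultdict(lambda: {"fails": defaultdict(list), "ok_ips": set()})
    for ts, ip, user, ok in events:
        b = buckets[ts // window]
        if ok:
            b["ok_ips"].add(ip)
        else:
            b["fails"][ip].append(user)
    flagged = []
    for key, b in sorted(buckets.items()):
        quiet = {ip: users for ip, users in b["fails"].items()
                 if len(users) <= max_per_ip and ip not in b["ok_ips"]}
        accounts = {u for users in quiet.values() for u in users}
        if len(quiet) >= min_ips and len(accounts) >= min_users:
            flagged.append({"window_start": key * window,
                            "sources": len(quiet), "accounts": len(accounts)})
    return flagged

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-IP alerts:", per_ip_alerts(sample))
    print("aggregate alerts:", spray_windows(sample))
```

The thresholds need tuning against a service's normal failure rate, since a shared NAT or a password-expiry day can also produce many low-volume failing sources.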
77 sats \ 0 replies \ @Cotton 3 Nov
Just another reminder of the risks in unsecured IoT devices.
reply
42 sats \ 0 replies \ @OgFOMK 3 Nov
Maybe TP stands for Toilet Paper.
reply
Normal, actually right now the botnet and other ports have zero meaning.
Modern hackers use public/private ssh ports instead of other ports/services.
'Cause if they reach the router's ssh they will be controlling Remote/Local Networks of all the devices using the router as a gateway.
And right now every TP-Link router comes with ssh service.
If someone checks 0-65553 range ports, ssh service is always active inside of every TP-Link router.
And someone can use QEMU for example to set up an operating system inside of any device.
Nowadays it's the most active Threat Actor in Security News.
reply
Also, router owners are at high risk, now.
Network traffic can be manipulated by someone who sets up the router, or can be manipulated by the ISP and other device owners.
reply