
Hackers have hijacked over 16,000 TP-Link network devices to build a botnet that is being used to attack Microsoft Azure accounts.

As a Bath renter who is all too familiar with the Faraday-cage architecture that makes up much of Bath, I have found TP-Link WiFi adapters to be very useful (that Bridgerton fanfic won't read itself on a shaky internet connection, for example). Unfortunately, these adapters and many of TP-Link's networking products seem to be highly vulnerable to hackers.

Ars Technica reports that thousands of TP-Link routers have been hijacked and used by hackers working for the Chinese government. The affected routers have been turned into a botnet that is hammering Microsoft Azure with password spray attacks: large numbers of login attempts, each trying a common password against a different account, sent from a rotating pool of IP addresses so that no single source address stands out and per-account lockouts are not triggered.
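As an added example (not code from Ars Technica, Microsoft or the original article), here is a small Python detector for the pattern just described: failed sign-ins spread across many accounts and many source IPs, with only a few attempts per account. The sign-in records are constructed for illustration and the tuple layout is an assumption, not the Azure sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real Azure data): a spray that hits
# eight accounts from eight different source IPs within a minute, followed by
# one ordinary user (ivan) mistyping a password twice from a single address.
SAMPLE_SIGNINS = [
    ("2024-08-01T10:00:05", "alice@example.org", "203.0.113.10", "failure"),
    ("2024-08-01T10:00:09", "bob@example.org", "198.51.100.22", "failure"),
    ("2024-08-01T10:00:14", "carol@example.org", "192.0.2.77", "failure"),
    ("2024-08-01T10:00:21", "dave@example.org", "203.0.113.44", "failure"),
    ("2024-08-01T10:00:30", "erin@example.org", "198.51.100.5", "failure"),
    ("2024-08-01T10:00:42", "frank@example.org", "192.0.2.130", "failure"),
    ("2024-08-01T10:01:00", "grace@example.org", "203.0.113.200", "failure"),
    ("2024-08-01T10:01:03", "heidi@example.org", "198.51.100.99", "failure"),
    ("2024-08-01T11:30:00", "ivan@example.org", "10.0.0.8", "failure"),
    ("2024-08-01T11:30:20", "ivan@example.org", "10.0.0.8", "failure"),
    ("2024-08-01T11:30:45", "ivan@example.org", "10.0.0.8", "success"),
]


def detect_password_spray(signins, window=timedelta(minutes=10),
                          min_accounts=5, min_ips=5, max_per_account=2):
    """Return (window_start, accounts, source_ips) for each time window in
    which failed logins touch many distinct accounts from many distinct IPs
    while no single account sees more than a few attempts. That combination
    is the spray signature: per-user lockout thresholds never fire, and no
    one IP is noisy enough to block on its own."""
    failures = sorted((datetime.fromisoformat(ts), user, ip)
                      for ts, user, ip, result in signins if result == "failure")
    alerts = []
    i = 0
    while i < len(failures):
        start = failures[i][0]
        # failures is time-sorted, so the window is a contiguous slice from i
        bucket = [f for f in failures[i:] if f[0] < start + window]
        per_account = defaultdict(int)
        for _, user, _ in bucket:
            per_account[user] += 1
        source_ips = {ip for _, _, ip in bucket}
        if (len(per_account) >= min_accounts and len(source_ips) >= min_ips
                and max(per_account.values()) <= max_per_account):
            alerts.append((start, set(per_account), source_ips))
            i += len(bucket)  # consume the whole window once it has alerted
        else:
            i += 1
    return alerts
```

Thresholds are deliberately parameters: tune them to the tenant's normal failure rate, since a few genuine typos from one address must not raise the alert.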

The 7777 botnet (or Quad7) is a collection of over 16,000 compromised devices. The name refers to TCP port 7777, which the malware opens on a compromised device and which gives the intrusion away. The name was coined back in October 2023 by the researcher who first documented the botnet.

Azure's cloud service has been the target of similar attacks. Most recently, this led to illicit access to email accounts belonging to several US government agencies; in that case the hacker group Storm-0558 was identified as the culprit. A recent blog post by Microsoft said that the same group had been using credentials collected by the 7777 botnet, suggesting a close working relationship between the hacker group and whoever is steering the bots.

Microsoft has observed that once hackers have gained access via a compromised account they move "laterally" within the network, grabbing more data and even trying to install remote-access trojans so that they can return at a later time.

According to researchers at Sekoia TDR and Team Cymru, the 7777 botnet was active as recently as August of this year. Affected routers were found in many countries: the highest percentage of compromised devices was in Bulgaria, with Russia, the US and Ukraine following closely behind. This vast, geographically spread network of devices makes tracing the source of an attack, or even confirming that one is occurring, very difficult.

It is also not clear how these devices became infected or drawn into the botnet. It is worth noting, though, that compromised devices can be disinfected, at least temporarily.

It is important to reboot your device periodically: the malware cannot write to the storage of a TP-Link device, so it survives only in memory and a restart clears it until the device is compromised again. It's a simple tip, but it's another reason why the phrase "have you turned it off and on again" persists.
