309
Thousands of hacked TP-Link routers used in years-long account takeover attacks (arstechnica.com)
submitted 3 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
62 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] finitebanjo@lemmy.world 3 points 2 days ago* (last edited 2 days ago)

If you don't use Microsoft Azure cloud services then it shouldn't matter, for now. Might want to just avoid running those for a little while.

The article also says:

It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:

  • Download Telnet binary from a remote File Transfer Protocol (FTP) server
  • Download xlogin backdoor binary from a remote FTP server
  • Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
  • Connect and authenticate to the xlogin backdoor listening on TCP port 7777
  • Download a SOCKS5 server binary to router
  • Start SOCKS5 server on TCP port 11288.

So maybe setting up some firewall rules could also help prevent further problems.

this post was submitted on 02 Nov 2024
309 points (98.4% liked)

Technology

59080 readers
3237 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world