TP-Link Router Botnet
There is a new botnet that is infecting TP-Link routers:
The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high-severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw has also been linked to the Condi and AndroxGh0st malware attacks.
[…]
Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.
Saying Hello to My CALEA/COWT • March 14, 2025 7:58 AM
Can’t think of its title, but I watched a YouTube video a couple of days ago of a hearing (congressional, perhaps?) where a few folks from the US National Security CyberSec realm discussed exactly this, and the guy even held up one of those TP-Link routers, a small-sized one for home use, and showed it to everyone, recommending they not use that particular brand. Same guy also recommended people use Signal App for messaging. Wish I could remember the title of the video. The hearing lasted at least a couple of hours. Most of the content was about the seriousness of the National Security threat that China poses with their data harvesting ops and about the effects of the two most known/talked-about Typhoons. If someone has a link, please post it here for everyone to see.