Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread
Fortinet News, Tuesday, April 16th, 2024
Last year, a command injection vulnerability, CVE-2023-1389, was disclosed and a fix developed for the web management interface of the TP-Link Archer AX21 (AX1800).
FortiGuard Labs has developed an IPS signature to tackle this issue. Recently, we observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent 'AGoent,' and the Gafgyt Variant. Peaks caused by these threats are evident in the following figure. This article will explore their infection traffic patterns and offer insights into these botnets.