Ballista' Botnet Exploits 2023 Vulnerability in TP-Link Routers
Posted: Sun Mar 16, 2025 5:09 pm
A global Internet of Things (IoT) botnet campaign, dubbed "Ballista," has been targeting unpatched TP-Link routers since the beginning of 2025.
The botnet exploits a remote code execution vulnerability in TP-Link Archer routers, tracked as CVE-2024-1389, allowing it to spread itself throughout the Internet automatically. The earliest recorded exploitation attempts of the vulnerability date back to April 2023, when unidentified threat actors used it to drop Mirai botnet malware.
https://www.darkreading.com/cyberattack ... nk-routers
The botnet exploits a remote code execution vulnerability in TP-Link Archer routers, tracked as CVE-2024-1389, allowing it to spread itself throughout the Internet automatically. The earliest recorded exploitation attempts of the vulnerability date back to April 2023, when unidentified threat actors used it to drop Mirai botnet malware.
https://www.darkreading.com/cyberattack ... nk-routers