TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Building DDoS Botnets with TP-Link and Netgear Routers

2024-05-22

ATT&CK techniques detected

5 predictions
T1584.005 Botnet · 86%
"…t devices to include in mozi botnets. 2 the mozi ddos botnet mozi has been linked to a wide number of vulnerable iot devices, including routers from netgear, huawei, d-link, gpon, and tp-link. 3 the mozi botnet uses a peer to peer (p2p) method of communication similar to …"

T1190 Exploit Public-Facing Application · 63%
"building ddos botnets with tp-link and netgear routers introduction last month’s sensor intel series for march 2024 uncovered the explosion in traffic hunting for systems affected by cve-2023-1389. the flaw which related to tp-link archer ax21 wi-fi routers has quickl…"

T1190 Exploit Public-Facing Application · 39%
"the top spot only a few months ago, this now sits at number five in our top cve list. - a remote code execution (rce) vulnerability with an unassigned cve is affecting netgear dgn1000 devices. whilst unspotted in sensor traffic this is currently the top exploited vulnerability …"

T1588.006 Vulnerabilities · 39%
"such as cve-2016-6277, some have not. 4 the f5 threat campaigns map shows heavy exploitation of the netgear dgn1000 wifi router, showing activity from 15 unique locations over the world. 5 along with active botnet activity targeting netgear devices, threat campaigns is also t…"

T1588.006 Vulnerabilities · 36%
"great way to easily identify the big changes in individual cve exploitation. in it we can see the steady decline of cve-2020-11625 which began in january of 2024 after its explosive growth back in november 2023. the decline in traffic targeting cve-2020-11625, and the dro…"

Summary

Threat actors double down with their botnet building efforts. Vulnerable Netgear routers join exploitable TP-Link and other IoT devices, expanding attacker DDoS capabilities.