
Thousands of TP-Link Routers Have Been Infected By a Botnet To Spread Malware


The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, t...

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. The flaw allows command injection, which in turn makes remote code execution (RCE) possible, so the malware can spread itself across the internet automatically. Ballista's most recent exploitation attempt was on February 17, 2025, and Cato CTRL first detected it on January 10, 2025.
