(06-06-2024, 10:26 PM)Maxmars Wrote: Looks like another website has picked up the topic...
From HITB.org: This malware botnet bricked over 600,000 routers in coordinated attack — but no one is really sure why
In the report, the researchers said that a piece of commodity remote access trojan (RAT) called Chalubo compromised hundreds of thousands of SOHO routers, consisting of three specific models: ActionTec T3200s, ActionTec T3260s, and Sagemcom F5380, all belonging to the same ISP. Chalubo pulled these routers into the botnet which, among other things, was capable of running distributed denial of service (DDoS) attacks.
Then, between October 25 and 27, 2023, the routers started dying. While Black Lotus did not name the ISP being attacked, BleepingComputer said that the attack “bears a striking resemblance” to the Windstream outage, since its users started reporting dead routers on October 25.
I strongly suspect the issue is much larger. Anyone who remembers the old school viruses like sasser worm and code red something or other... They initially said 1 million machines yet this crap can still be found on the net to this day and I'm pretty sure they hit like 20 years ago. 600K is just what they know about so far. Once these exploits happen they never really go away. There is inherently always someone with an old ass machine that still connects to the net that is infected and the owner either does not know or does not care.
I watched a YouTube vid the other day the dude plugged an XP machine in and it was infected in about 30 seconds.
Edit to add:
I am not sure why network hardware vendors are not held to the same standards as say, automotive manufacturers. If an automotive manufacturer produces an in-production or in-warranty vehicle that is found to have a flaw that allows anyone to start and drive the vehicle, there is a recall, and the manufacturer is required to address the issue. I fail to see how communications equipment that carries potentially critical customer data doesn't fall into a similar category of reliability expectations.
I picked up one of those cheap TP-Link routers just to have a look at it... It is a currently marketed product, but runs a 3.x Linux kernel which not only has known, unfixable exploits, but has not been updated in years. Like I said, releasing such a device ought to be a criminal act. It's akin to selling someone a steel door held together by zip ties or a vehicle that you know has major issues as these exploits have been publicly published in some instances for DECADES.
BTW, it is possible to obtain root access on the same router and have complete control of the device. TP-Link AX-1500 sold at Walmart. Do not buy one. It's sure as hell not on my network.