Endpoint/Device Security, Vulnerability Management

Condi DDoS botnet distributed through TP-Link WiFi router flaw

BleepingComputer reports that TP-Link Archer AX21 (AX1800) WiFi routers affected by the high-severity vulnerability tracked as CVE-2023-1389 have been targeted to distribute the novel DDoS-as-a-Service botnet Condi, which emerged last month. The flaw was already exploited by the Mirai botnet in April. According to a report from Fortinet, Condi's operators have built into the botnet a mechanism that stops the processes of competing botnets and of older Condi versions, and have included a wiper for several files to prevent device restarts or shutdowns. Condi also scans public IPs with open ports 80 or 8080 to facilitate new device infections. Operators have also been distributing numerous samples of Condi, some of which exploit other vulnerabilities, while others leverage a shell script with an Android Debug Bridge source to enable spread through open ADB ports. Such a DDoS botnet should prompt the immediate application of firmware updates for the vulnerable WiFi routers.
