TP-Link router zero-day exploited by Mirai botnet

The Mirai botnet malware has been targeting vulnerable TP-Link Archer AX21 routers through the CVE-2023-1389 flaw, which was first identified in December, to expand its network, reports The Record, a news site by cybersecurity firm Recorded Future. While most of the devices impacted by Mirai have been based in Eastern Europe, infections have also been detected in other parts of the world, according to a report from Trend Micro's Zero Day Initiative. Aside from enabling compromised devices to be used in distributed denial-of-service attacks against game servers, threat actors behind the latest campaign have also been disguising device traffic to appear legitimate in a bid to avoid detection. "Seeing this CVE being exploited so quickly after the patch being released is a clear demonstration of the decreasing 'time-to-exploit' speed that we continue to see across the industry. That said, this is nothing new for the maintainers of the Mirai botnet, who are known for quickly exploiting [internet-of-things] devices to maintain their foothold in an enterprise," said researchers.
