As a renter all too familiar with the faraday cages that make up much of Bath's Georgian architecture, I've found TP-Link WiFi adapters often come in clutch (that Bridgerton fanfic isn't going to read itself, and certainly not on a dodgy internet connection). Unfortunately these adapters, alongside many of TP-Link's networking products, seem to be extremely vulnerable to hackers.
It gets worse: thousands of TP-Link routers have been hijacked by hackers working on behalf of the Chinese government, according to Ars Technica. The affected routers have been leveraged into a botnet that's hammering Microsoft Azure accounts with password spray attacks, sending massive amounts of login attempts from a rotating roster of IP addresses.
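The rotating source addresses described above are what defeat a per-IP failure threshold. The added example below (not from the article or from Microsoft) shows a per-IP counter missing a spray while a count of distinct failing accounts per time window flags it. The record format, thresholds and sample sign-in events are constructed assumptions, as is the premise that each address makes only a few attempts.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def build_sample():
    """Constructed sign-in records: (timestamp, source_ip, account, success)."""
    base = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    events = []
    # Spray: 12 accounts, one failed attempt each, every attempt from a new IP.
    for i in range(12):
        events.append((base + timedelta(minutes=4 * i),
                       f"203.0.113.{i + 1}", f"user{i}@example.com", False))
    # Benign noise: one user mistypes a password three times, then logs in.
    for i in range(3):
        events.append((base + timedelta(minutes=i),
                       "198.51.100.7", "alice@example.com", False))
    events.append((base + timedelta(minutes=3),
                   "198.51.100.7", "alice@example.com", True))
    return events

def per_ip_lockout(events, threshold=5):
    """Classic control: flag any IP with >= threshold failures."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= threshold}

def spray_windows(events, window=timedelta(hours=1),
                  min_accounts=10, max_fail_per_ip=2):
    """Flag fixed windows where many distinct accounts fail from IPs that
    each fail only a few times (the rotation pattern)."""
    secs = window.total_seconds()
    buckets = defaultdict(list)
    for ts, ip, account, ok in events:
        if not ok:
            buckets[int(ts.timestamp() // secs)].append((ip, account))
    alerts = []
    for bucket, fails in sorted(buckets.items()):
        per_ip = defaultdict(int)
        for ip, _ in fails:
            per_ip[ip] += 1
        # Noisy single IPs are excluded; a per-IP rule covers those already.
        quiet = {ip for ip, n in per_ip.items() if n <= max_fail_per_ip}
        accounts = {acct for ip, acct in fails if ip in quiet}
        if len(accounts) >= min_accounts:
            start = datetime.fromtimestamp(bucket * secs, tz=timezone.utc)
            alerts.append({"window_start": start,
                           "accounts": len(accounts),
                           "source_ips": len(quiet)})
    return alerts
```

Fixed windows keep the example short; a spray that straddles a window boundary needs a sliding window or overlapping buckets.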
A dizzying 16,000 compromised devices have been pulled together into what's been dubbed the 7777 (or Quad7) botnet. The name is a reference to the TCP port that exposes the intrusion on the compromised device, and this name was coined by the researcher who first documented it—back in October 2023.
As for Azure, Microsoft's cloud services have already been the subject of similar attacks, most recently leading to the illicit access of email accounts belonging to a number of US government agencies. In that instance, hacker group Storm-0558 was identified as the culprit, and a recent blog post from Microsoft says this same group has been using credentials scooped up by the 7777 botnet, suggesting a "close working relationship" between the hacker group and whoever is steering the bots.
Once hackers get in via a compromised account, Microsoft has observed them moving "laterally within the network," scooping up more data and even attempting to install remote access trojans so they can hop back in at a later date.
According to security researchers at Sekoia TDR and Team Cymru, the 7777 botnet was active as recently as August this year. Furthermore, affected routers were found all over the world; the highest portion of compromised
Read more on pcgamer.com