{"id":121186,"date":"2024-11-02T11:08:26","date_gmt":"2024-11-02T04:08:26","guid":{"rendered":"https:\/\/hotvideos24.online\/?p=121186"},"modified":"2024-11-02T11:08:26","modified_gmt":"2024-11-02T04:08:26","slug":"thousands-of-hacked-tp-link-routers-used-in-years-long-account-takeover-attacks","status":"publish","type":"post","link":"https:\/\/hotvideos24.online\/?p=121186","title":{"rendered":"Thousands of hacked TP-Link routers used in years-long account takeover attacks"},"content":{"rendered":"<div>\n<p>Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft\u2019s Azure cloud service, the company warned Thursday.<\/p>\n<p>The malicious network, made up almost entirely of TP-Link routers, was first documented in October 2023 by a researcher who named it <a href=\"https:\/\/arstechnica.com\/information-technology\/2024\/11\/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks\/link\">Botnet-7777<\/a>. 
The geographically dispersed collection, which numbered more than 16,000 compromised devices at its peak, got its name because it exposes its malware on port 7777.<\/p>\n<h2>Account compromise at scale<\/h2>\n<p>In July and again in August of this year, security researchers from <a href=\"https:\/\/blog.sekoia.io\/solving-the-7777-botnet-enigma-a-cybersecurity-quest\/\">Sekoia<\/a> and <a href=\"https:\/\/www.team-cymru.com\/post\/botnet-7777-are-you-betting-on-a-compromised-router\">Team Cymru<\/a> reported the botnet was still operational. All three reports said that Botnet-7777 was being used to skillfully perform password spraying, a form of attack that sends large numbers of login attempts from many different IP addresses. Because each individual device limits the login attempts, the carefully coordinated account-takeover campaign is hard for the targeted service to detect.<\/p>\n<p>On Thursday, Microsoft <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/10\/31\/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network\/\">reported<\/a> that CovertNetwork-1658\u2014the name Microsoft uses to track the botnet\u2014is being used by multiple Chinese threat actors in an attempt to compromise targeted Azure accounts. The company said the attacks are \u201chighly evasive\u201d because the botnet\u2014now estimated at about 8,000 strong on average\u2014takes pains to conceal the malicious activity.<\/p>\n<p>\u201cAny threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,\u201d Microsoft officials wrote. 
\u201cThis scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.\u201d<\/p>\n<p>Some of the characteristics that make detection difficult are:<\/p>\n<ul>\n<li aria-level=\"1\">The use of compromised SOHO IP addresses<\/li>\n<li aria-level=\"1\">The use of a rotating set of IP addresses at any given time. The threat actors had thousands of available IP addresses at their disposal. The average uptime for a CovertNetwork-1658 node is approximately 90 days.<\/li>\n<li aria-level=\"1\">The low-volume password spray process; for example, monitoring for multiple failed sign-in attempts from one IP address or to one account will not detect this activity.<\/li>\n<\/ul><\/div>\n<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2024\/11\/microsoft-warns-of-8000-strong-botnet-used-in-password-spraying-attacks\/\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users &hellip; <a 
href=\"https:\/\/hotvideos24.online\/?p=121186\" class=\"more-link\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630],"tags":[],"class_list":["post-121186","post","type-post","status-publish","format-standard","hentry","category-technology","entry"],"_links":{"self":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/121186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=121186"}],"version-history":[{"count":0,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=\/wp\/v2\/posts\/121186\/revisions"}],"wp:attachment":[{"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=121186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=121186"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hotvideos24.online\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=121186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}