I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.
If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.
The article also says:
It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:
Download Telnet binary from a remote File Transfer Protocol (FTP) server
Download xlogin backdoor binary from a remote FTP server
Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
Connect and authenticate to the xlogin backdoor listening on TCP port 7777
Download a SOCKS5 server binary to router
Start SOCKS5 server on TCP port 11288.
So maybe setting up some firewall rules could also help prevent further problems.
I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.
If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.
The article also says:
So maybe setting up some firewall rules could also help prevent further problems.