• arrakarkA
    link
    fedilink
    English
    arrow-up
    38
    ·
    19 days ago

    I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.

    • finitebanjo@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      18 days ago

      If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.

      The article also says:

      It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:

      • Download Telnet binary from a remote File Transfer Protocol (FTP) server
      • Download xlogin backdoor binary from a remote FTP server
      • Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
      • Connect and authenticate to the xlogin backdoor listening on TCP port 7777
      • Download a SOCKS5 server binary to router
      • Start SOCKS5 server on TCP port 11288.

      So maybe setting up some firewall rules could also help prevent further problems.

  • DarkCloud@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    19 days ago

    The article makes it clear that the Chinese botnet is targeting Microsoft azure accounts, usually for large organizations involved with governments, infrastructure, legal professionals, science and technology.

    It also states that the attacks can be disinfected by regularly restarting your router, but that this doesn’t prevent reinfection later.

    The US intelligence services also says you should regularly restart your phone.

    This is Microsoft’s posting about it which other news sources are quoting from: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/

    It has a recommendations section which suggests “credential hygiene” and strong passwords help.

  • Cargon@lemmy.ml
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    18 days ago

    For less money than some gaudy gaming wireless router that you end up replacing every 3 years, you can grab a Mini PC with two NICs, a wireless access point, and install OpnSense.

    Your life will be irrevocably changed for the better.

  • sploosh@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    18 days ago

    This makes me want to call up the former CTO of the MSP I worked for who disagreed with me when I said TP-Link and other consumer hardware was a risk we shouldn’t let our customers take and tell him that he’s a miserable drunk who destroyed a company by taking a role he had no business in.

  • werefreeatlast@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    18 days ago

    Go to openwrt. Or get something better with good security. Unifi is good and very expansible but it doesn’t have opensource software compatibility. Sad really.

  • rehydrate5503@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    17 days ago

    So I just added a TP-Link switch (TL-SG3428X) and access point (EAP670) to my network, using OPNSense for routing. I’m still within the return window for both items. I understand the article mentions routers, but should I consider returning these, and upping my budget to go for ubiquity? The AP would only be like $30 more for an equivalent, so that’s negligible, but a switch that meets my needs is about 1.6x more. And still only has 2 SFP+ ports, while I need 3 at minimum.