Do you have Wi-Fi? This is something to check immediately

A huge network of Internet-connected devices from China is carrying out mass attacks on users of Microsoft Azure services. The hackers work for the Chinese government and rely on routers of one popular brand.

Difficult to detect, severe attacks

A botnet called Botnet-7777 consists of 16,000 hacked devices, mainly TP-Link routers scattered all over the world. It owes its name to port 7777, the port used by the malware that the hackers leave on the compromised devices.

The type of attack performed by Botnet-7777 is so-called “password spraying”: a huge number of login requests is sent from many different IP addresses to different services (in this case through the Microsoft Azure infrastructure). Because each device in the network makes only a deliberately small number of login attempts, the coordinated attack is hard to detect: at first glance nothing suspicious seems to be happening.

Botnet-7777 was first detected in October 2023, but the latest research (by teams of security experts from Serbia and Wales) from August 2024 confirms that it is still operational. The attack campaign involves multiple hacker groups that can share information with each other and coordinate large-scale attacks around the world.

The botnet primarily targets large organizations (including government and non-governmental organizations, law firms and the defense industry), and Microsoft (which is also investigating the matter) warns that the attackers can gain access to many companies in a short period of time.

Microsoft has detailed three factors that make the botnet difficult to detect:
– the use of hacked devices with remote access to corporate networks,
– thousands of rotating IP addresses, and
– slow, repeated login attempts against a single account, which security systems do not flag.

After gaining access to the network, the attackers try to install so-called remote-access Trojans (RATs) and then infiltrate the corporate network further.

The mechanism of initial infection is unknown, and Microsoft has not provided advice on how users of TP-Link routers can prevent or detect infection. In the past, experts advised periodically restarting devices of this type, because the malware cannot leave persistent code and therefore does not survive a reboot. It is worth noting that although we can get rid of the malware this way, nothing stops the hackers from attacking us again.
