By Joie Salvio | December 08, 2021
FortiGuard Labs Threat Research Report
Affected Platforms: Linux
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical
Last week, our FortiGuard Labs team encountered a malware sample that’s currently being distributed in the wild targeting TP-link wireless routers. It leverages a recently post-authenticated RCE vulnerability released barely two weeks prior.
As it turns out, it is an updated variant of the MANGA campaign (also known as Dark) that distributes samples based on Mirai’s published source code. This Mirai-based Distributed Denial of Service (DDOS) botnet campaign is one that FortiGuard Labs has been actively monitoring. The campaign originally piqued our interest due to the continuous updating of its list of target vulnerabilities—more so than other campaigns we have seen so far.
TP-Link has already released an updated firmware for this affected hardware version and users are strongly encouraged to update their devices.
This post details how this threat leverages the new vulnerability to take over the affected devices and ways to protect users from these attacks.