New Ballista Botnet Campaign Targets Unpatched TP-Link Archer Routers

A new botnet campaign named Ballista is targeting unpatched TP-Link Archer routers, according to findings from the Cato CTRL team. The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to automatically spread across the internet. Security researchers Ofek Vardi and Matan Mittelman revealed that more than 6,000 devices are being targeted by this campaign.