New Botnet Exploits TP-Link Routers for Remote Code Execution

A new botnet is infecting TP-Link routers, enabling command injection and remote code execution (RCE), which facilitates the automatic spread of malware across the internet. This critical security vulnerability, listed as CVE-2023-1389, has been exploited since April 2023 to distribute other malware families, including Mirai, Condi, and AndroxGh0st. The majority of infected devices are located in Brazil, Poland, the United Kingdom, Bulgaria, and Turkey, targeting organizations in the manufacturing, healthcare, services, and technology sectors in the United States, Australia, China, and Mexico.