Previously unidentified botnet infects unpatched TP-Link Archer home routers therecord.media/ballista-…

A model of internet routers marketed to consumers and businesses is being targeted as part of an effort to grow a new botnet known as Ballista.

Researchers at cybersecurity firm Cato Networks said that during a recent investigation into router vulnerabilities, they discovered the botnet infecting TP-Link Archer routers.

The hacker behind the malware, who they believe is based in Italy, has been exploiting a firmware vulnerability tracked as CVE-2023-1389 to allow the botnet to “spread itself automatically over the Internet” through the unpatched TP-Link devices.

The Cybersecurity and Infrastructure Security Agency previously confirmed that CVE-2023-1389 is being exploited in the wild and ordered U.S. civilian agencies to patch the bug. The documentation for the vulnerability and the patch emphasize the TP-Link model known as AX21 or AX1800.
