Mirai Botnet Variant Explores TP-Link to Grow its Army of DDoS Devices

The Mirai botnet operators were seen abusing CVE-2023-1389, a vulnerability in the TP-Link Archer A21 (AX1800) WiFi router, and trying to make those devices part of their future DDoS attacks. The initial study of the attack infrastructure revealed targeted devices in the Eastern Europe region, however, the attack campaign could be spreading worldwide. The vulnerability was patched last month by TP-Link.