The botnet exploits a remote code execution (RCE) vulnerability in the routers, tracked as CVE-2023-1389.
Reports came out in both 2023 and 2024.
This allows running shell commands to conduct further RCE and denial of service (DoS) attacks.
In addition, the malware attempts to read sensitive files on the local system.
Furthermore, they discovered Italian strings in the binary, which prompted them to dub the botnet Ballista.
The best way to defend against Ballista is to update the firmware on TP-Link Archer routers.
The company addressed this issue in firmware version 1.1.4 Build 20230219.