The emerging Condi botnet spreads through a TP-Link router vulnerability

FortiGuard Labs, the research arm of security firm Fortinet, recently released a report on the emerging Condi botnet. According to its findings, the botnet is spreading by exploiting CVE-2023-1389, a vulnerability in the TP-Link Archer AX21 router that was patched in March this year. Despite the patch, the number of infected devices is still growing, and Condi's operators have begun offering distributed denial-of-service (DDoS) attacks as a service.

CVE-2023-1389 allows an attacker to inject commands through the Archer AX21's management interface without authentication. TP-Link learned of the vulnerability in January and fixed it with a firmware update in March, but in April attackers were already exploiting it to deploy Mirai botnet malware. Condi is the second botnet after Mirai to exploit this vulnerability.

FortiGuard Labs began noticing an increase in Condi samples in late May. The researchers also found that the operators were using Telegram channels to sell Condi-based DDoS services, along with source code and tools for Condi and other botnets. To persist on a compromised device, Condi deletes the binaries used to shut down or restart the system and removes programs and files belonging to other botnets.
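The persistence behaviour described above (deleting the shutdown and restart binaries) leaves a simple artifact a defender can check for. The following is an added example, not code from the Fortinet report or from the Condi malware itself: it checks whether the expected power-management binaries are present under a filesystem root and reports the ones that are missing. The list of binaries and the `sbin/` layout are assumptions about a typical embedded Linux/BusyBox device, and the demo filesystem it builds is constructed for illustration.

```python
import os
import tempfile

# Binaries that a typical embedded Linux / BusyBox firmware image provides for
# powering off or rebooting the device. This list is an assumption for the
# example, not taken from the report; adjust it to the firmware being examined.
EXPECTED_POWER_BINARIES = ("sbin/reboot", "sbin/shutdown", "sbin/poweroff", "sbin/halt")


def missing_power_binaries(root="/"):
    """Return the expected shutdown/restart binaries that are absent under `root`.

    os.path.isfile() follows symlinks, so a BusyBox-style symlink whose target
    still exists counts as present, while a dangling symlink (target deleted)
    counts as missing. A non-empty result is one indicator of the persistence
    technique described in the article; it should be correlated with other signs
    of compromise rather than treated as proof on its own.
    """
    missing = []
    for rel in EXPECTED_POWER_BINARIES:
        if not os.path.isfile(os.path.join(root, rel)):
            missing.append(rel)
    return missing


def build_demo_root(present):
    """Build a constructed sample filesystem containing only the binaries in `present`.

    Used here so the check can be demonstrated offline against a clean tree and
    a tampered tree; on a real device you would point missing_power_binaries()
    at "/" or at a mounted firmware/rootfs image instead.
    """
    root = tempfile.mkdtemp(prefix="condi-demo-")
    os.makedirs(os.path.join(root, "sbin"))
    for rel in present:
        with open(os.path.join(root, rel), "wb") as f:
            f.write(b"#!/bin/sh\nexit 0\n")  # placeholder stand-in for a real binary
    return root


if __name__ == "__main__":
    clean = build_demo_root(EXPECTED_POWER_BINARIES)
    tampered = build_demo_root(("sbin/halt",))  # reboot/shutdown/poweroff removed
    print("clean device, missing:", missing_power_binaries(clean))
    print("tampered device, missing:", missing_power_binaries(tampered))
```

On a live router the check is only meaningful against the firmware's own expected file list, and an empty result does not rule out infection; it simply means this particular artifact is absent.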

The researchers note that botnets constantly look for new ways to spread, and newly disclosed vulnerabilities are among their main targets. They therefore strongly recommend that users apply all security updates as soon as possible to prevent such attacks.