Hacked TP-Link routers at center of massive botnet used to attack Azure customers
The network is probably still operational and likely acquiring new infrastructure
In context: CovertNetwork-1658 is a stark reminder of the ongoing cat-and-mouse game between cybersecurity professionals and threat actors. Using compromised devices as part of a botnet also underscores the importance of securing IoT devices and regularly updating firmware on routers and other network equipment.
Microsoft has exposed a complex network of compromised devices that Chinese hackers are using to launch highly evasive password spray attacks against Microsoft Azure customers. This network, dubbed CovertNetwork-1658 by Microsoft, has been actively stealing credentials from multiple Microsoft customers since August 2023.
The attacks use a botnet of thousands of small office and home office (SOHO) routers, cameras, and other Internet-connected devices. At its peak, there were more than 16,000 devices in the botnet, most of which were TP-Link routers.
CovertNetwork-1658, also known as xlogin and Quad7 (7777), is believed to have been established and to be maintained by a threat actor located in China. The network's name stems from Microsoft's classification system, where "CovertNetwork" refers to a collection of egress IPs consisting of compromised or leased devices that may be used by one or more threat actors.
The hackers exploit a vulnerability in the routers to gain remote code execution capability, although the specific exploit method is still under investigation. Once access is achieved, the threat actors take several steps to prepare the router for password spray operations. These steps include downloading Telnet and xlogin backdoor binaries from a remote File Transfer Protocol (FTP) server, starting an access-controlled command shell on TCP port 7777, and setting up a SOCKS5 server on TCP port 11288.
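For defenders, the two listening ports named above are something that can be checked on a Linux-based device. The following is an added example, not code from Microsoft or from the article: it parses `/proc/net/tcp`-format text and reports sockets in the LISTEN state on TCP 7777 or 11288. The function name and the sample data are constructed for illustration, and the address decoding assumes a little-endian kernel (the port match does not depend on it).

```python
import socket
import struct

# Ports taken from the article: access-controlled shell and SOCKS5 server.
SUSPECT_PORTS = {7777: "xlogin command shell", 11288: "SOCKS5 server"}
TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:1E61 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1388 1 0000000000000000 100 0 0 10 0
   2: 00000000:2C18 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1390 1 0000000000000000 100 0 0 10 0
   3: 0101A8C0:D2F0 0A00000A:1E61 01 00000000:00000000 00:00000000 00000000     0        0 1402 1 0000000000000000 20 4 30 10 -1
"""


def find_suspect_listeners(proc_net_tcp: str):
    """Return (address, port, label) for LISTEN sockets on the suspect ports."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        port = int(port_hex, 16)  # port is printed in hex, host order
        # Only local listeners count; row 3 is an outbound connection to
        # remote port 7777 and must not be reported.
        if fields[3] != TCP_LISTEN or port not in SUSPECT_PORTS:
            continue
        # Assumption: little-endian kernel, so the address bytes are reversed.
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        hits.append((addr, port, SUSPECT_PORTS[port]))
    return hits


if __name__ == "__main__":
    for addr, port, label in find_suspect_listeners(SAMPLE_PROC_NET_TCP):
        print(f"LISTEN {addr}:{port} matches reported {label} port")
```

A match is a lead for further investigation rather than proof of compromise, since other software can legitimately listen on these ports.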
TP-Link launches $600 Archer GE800, its first Wi-Fi 7 gaming router
The Wi-Fi 7 router to go for if visible antennas are not your thing
Highly anticipated: Wi-Fi 7 routers don't come cheap right now, but the advantages could make them worth it for power users. The obvious key benefits include increased speed and bandwidth, thanks to wider 320MHz channels and the ability to combine multiple bands simultaneously using multi-link operation. They also maintain low-latency performance, making them perfect for cloud gaming and AR/VR applications.
Announced way back in 2022 and teased at CES over the past two years, TP-Link's Archer GE800 tri-band gaming router is now available for $599.99, with a $100 discount for early adopters. TP-Link claims the Archer GE800 can deliver 11,520 Mbps on the 6 GHz band, 5,760 Mbps on the 5 GHz band, and 1,376 Mbps on the 2.4 GHz band.
Of course, you'll need Wi-Fi 7-enabled devices to take advantage of the router's advanced features. Only newer models like the Lenovo Legion 7i or Razer Blade 16 laptops offer support for it at the moment. None of the current crop of consoles do.