The Ballista botnet, which exploits an unpatched vulnerability in TP-Link Archer routers, has affected organizations in manufacturing, healthcare, services, and technology across the U.S., Australia, China, and Mexico. Beyond its footprint in these industries, the botnet uses the compromised routers as command and control (C2) channels, enabling DoS/DDoS attacks, data exfiltration, and persistent unauthorized access. With over 6,500 vulnerable devices identified, the threat actors behind Ballista threaten not only individual organizations but also the integrity of IoT devices within critical infrastructure.
Source: https://securityaffairs.com/175278/malware/ballista-botnet-exploits-unpatched-tp-link-flaw.html
TPRM report: https://scoringcyber.rankiteo.com/company/tp-link-corporation
{
  "id": "tp-001031725",
  "linkid": "tp-link-corporation",
  "type": "Vulnerability",
  "date": "3/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': ['Manufacturing', 'Healthcare', 'Services', 'Technology'],
                        'location': ['U.S.', 'Australia', 'China', 'Mexico'],
                        'type': 'Organization'}],
 'attack_vector': 'Unpatched vulnerability in TP-Link Archer routers',
 'description': 'The Ballista botnet, taking advantage of an unpatched vulnerability in TP-Link Archer routers, has significantly impacted multiple sectors including manufacturing, healthcare, services, and technology across the U.S., Australia, China, and Mexico. Beyond its widespread presence in various critical industries, this botnet exploits the routers for command and control (C2) channels, enabling DoS/DDoS attacks, data exfiltration, and persistent unauthorized access. With over 6,500 identified vulnerable devices, the threat actors behind Ballista have exhibited sophisticated capabilities that threaten not only individual organizations but also the integrity of IoT devices within critical infrastructure.',
 'impact': {'systems_affected': 'TP-Link Archer routers'},
 'motivation': 'DoS/DDoS attacks, data exfiltration, and persistent unauthorized access',
 'post_incident_analysis': {'root_causes': 'Unpatched vulnerability in TP-Link Archer routers'},
 'title': 'Ballista Botnet Exploiting TP-Link Archer Routers',
 'type': 'Botnet',
 'vulnerability_exploited': 'Unpatched vulnerability in TP-Link Archer routers'}