The network, which Microsoft calls CovertNetwork-1658, contains more than 8,000 infected devices and primarily targets Azure accounts in North America and Europe. Researchers noted that this infrastructure, also known as Botnet-7777, bypasses standard detection methods with a distinctive tactic: a low volume of login attempts spread across different IP addresses.
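Because each address makes only a few attempts, a rule that counts failures per source IP stays silent. As an added example (not from Microsoft or the original article), the Python below contrasts that per-IP rule with a cross-source aggregation over sign-in records; the record layout, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

PER_IP_THRESHOLD = 5   # classic rule: failures from one IP per day (assumed value)
LOW_VOLUME = 2         # an IP with at most this many failures counts as "quiet"
MIN_QUIET_IPS = 10     # quiet, failure-only IPs needed to flag a day (assumed value)
MIN_ACCOUNTS = 10      # distinct accounts those IPs must have touched (assumed value)

def sample_events():
    """Constructed sign-in records: (day, source_ip, account, outcome)."""
    events = [("2024-11-01", f"198.51.100.{i}", f"user{i:02d}", "fail")
              for i in range(1, 13)]                    # 12 IPs, one failure each
    events += [("2024-11-01", "192.0.2.7", "carol", "fail")] * 3  # mistyped password
    events += [("2024-11-01", "192.0.2.7", "carol", "success"),
               ("2024-11-01", "192.0.2.8", "dave", "success"),
               ("2024-11-02", "192.0.2.7", "carol", "fail"),
               ("2024-11-02", "192.0.2.8", "dave", "success")]
    return events

def per_ip_alerts(events):
    """Per-source threshold: (day, ip) pairs with many failures."""
    fails = defaultdict(int)
    for day, ip, _, outcome in events:
        if outcome == "fail":
            fails[(day, ip)] += 1
    return sorted(k for k, n in fails.items() if n >= PER_IP_THRESHOLD)

def distributed_spray_days(events):
    """Days where many quiet, failure-only IPs together hit many accounts."""
    fails = defaultdict(lambda: defaultdict(set))   # day -> ip -> failed accounts
    fail_count = defaultdict(int)                   # (day, ip) -> failure count
    succeeded = set()                               # (day, ip) with any success
    for day, ip, account, outcome in events:
        if outcome == "fail":
            fails[day][ip].add(account)
            fail_count[(day, ip)] += 1
        else:
            succeeded.add((day, ip))
    flagged = {}
    for day, by_ip in fails.items():
        quiet = [ip for ip in by_ip
                 if fail_count[(day, ip)] <= LOW_VOLUME and (day, ip) not in succeeded]
        accounts = set().union(*(by_ip[ip] for ip in quiet))
        if len(quiet) >= MIN_QUIET_IPS and len(accounts) >= MIN_ACCOUNTS:
            flagged[day] = {"quiet_ips": len(quiet), "accounts": len(accounts)}
    return flagged

if __name__ == "__main__":
    print(per_ip_alerts(sample_events()), distributed_spray_days(sample_events()))
```

On the constructed data the per-IP rule raises nothing, while the aggregation flags the one day on which twelve quiet sources each failed once against a different account.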

One of the most active groups using this botnet, known as Storm-0940, targets government agencies, think tanks and defense companies. The attackers log in with stolen access credentials, move through the network, and install remote surveillance tools. Devices in the botnet persist for approximately 90 days and change their IP addresses, making them even more difficult to detect.

Microsoft hasn’t offered specific guidance for TP-Link router users, but experts note that periodic reboots can temporarily remove malware that doesn’t persist after a reboot.

Source: Ferra
