Hackers use botnet of hacked TP-Link routers for account takeover attacks on Microsoft Azure
Hackers linked to the Chinese government are using a botnet of around 8,000 compromised TP-Link routers and other devices to launch password-spraying attacks on Microsoft’s Azure cloud service. This botnet, named CovertNetwork-1658 by Microsoft, is designed to evade detection. The botnet was first identified in October 2023 and has been active in large-scale account takeover attempts. Security researchers confirmed its ongoing operations in July and August 2024, highlighting its ability to coordinate login attempts from various IP addresses. Microsoft noted that the botnet's tactics make it challenging for targeted services to identify the attacks. The coordinated efforts of the botnet increase the chances of successful account compromises across different sectors and regions.
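A detection-side illustration of why login attempts coordinated across many IP addresses are hard for a targeted service to spot. This is an added example, not code from Microsoft or the original article. It runs a per-IP failure rule and an aggregate rule over constructed sign-in events. The event shape, the low per-IP volume, the thresholds and the function names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events (timestamp, source_ip, account, success); not real telemetry."""
    t0 = datetime(2024, 8, 1, 9, 0)
    events = []
    # Spray (assumed shape): 12 source IPs, each failing once against 2 accounts.
    for i in range(12):
        for j in range(2):
            events.append((t0 + timedelta(minutes=5 * i + j),
                           f"203.0.113.{i + 1}", f"user{2 * i + j}@example.com", False))
    # Benign noise: one user mistypes a password 3 times, then signs in.
    for k in range(3):
        events.append((t0 + timedelta(minutes=k), "198.51.100.7", "alice@example.com", False))
    events.append((t0 + timedelta(minutes=4), "198.51.100.7", "alice@example.com", True))
    return events

def per_ip_alerts(events, threshold):
    """Per-source rule: IPs with at least `threshold` failed sign-ins."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return {ip for ip, n in fails.items() if n >= threshold}

def spray_windows(events, window=timedelta(hours=1), min_accounts=20,
                  min_ips=10, max_fails_per_account=2.0):
    """Aggregate rule: windows where failures are wide (many accounts, many
    IPs) but shallow (few failures per account). Thresholds are assumptions."""
    epoch = datetime(1970, 1, 1)
    buckets = defaultdict(list)
    for ts, ip, acct, ok in events:
        if not ok:
            buckets[ts - (ts - epoch) % window].append((ip, acct))
    hits = []
    for start, pairs in sorted(buckets.items()):
        ips = {ip for ip, _ in pairs}
        accts = {a for _, a in pairs}
        if (len(accts) >= min_accounts and len(ips) >= min_ips
                and len(pairs) / len(accts) <= max_fails_per_account):
            hits.append({"start": start, "failures": len(pairs),
                         "accounts": len(accts), "ips": len(ips)})
    return hits

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP rule (>=3 failures):", per_ip_alerts(sample, 3))
    print("aggregate rule:", spray_windows(sample))
```

On this sample the per-IP rule flags only the user who mistyped a password, while the aggregate rule flags the hour containing the spray.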