I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were affected. All articles about Botnet-7777 are frustratingly vague on this.
I’ve had no end of trouble with routers and ones you should choose to be sure of.
The ones where you can flash OpenWRT seem the only choice if you want some semblance of security. But even my current Xiaomi router with stock firmware creates hash mismatches using apt to download things, and I don’t 100% know with confidence that using OpenWRT on it instead is keeping me right.
That’s a huge fucking red flag and I would yeet any network equipment responsible for fudging such a thing.
No doubt, and I would really love someone with more knowledge than me to poke into why that was going on (*edit: for clarity, this behaviour stopped after installing OpenWRT and it is the stock Mi firmware that causes this)
https://files.catbox.moe/2i5ekl.jpg
I remember finding this thread where someone said they replaced their entire networking equipment:
https://stackoverflow.com/questions/72022569/cannot-find-fixes-to-apt-error-hash-sum-mismatch
My router is this model, for anyone wanting to nosey:
https://openwrt.org/toh/xiaomi/ax3600
Ah, I see the problem right there…
As opposed to TP-Link, Cisco (Linksys) and other off-the-shelf routers, it seems some will only go for brands with their own proprietary firmware?
I grabbed that Xiaomi router on the premise it has OpenWRT, but I’d like to see Ubi / Unifi routers put under the same scrutiny instead of just lumping a brand name as a no-go.
What’s your recommendation?
Mine was a half-joke, but it’s not the first time Chinese hardware was caught sending data around. Now I can’t recommend anything specific since the last time I bought a router was ages ago, and even though having one running OpenWRT is good I’d avoid it to be on the safer side.
If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.
The article also says:
It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:
Download Telnet binary from a remote File Transfer Protocol (FTP) server
Download xlogin backdoor binary from a remote FTP server
Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
Connect and authenticate to the xlogin backdoor listening on TCP port 7777
Download a SOCKS5 server binary to router
Start SOCKS5 server on TCP port 11288.
So maybe setting up some firewall rules could also help prevent further problems.
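The chain the article describes gives two concrete things to check on a router: whether anything is listening on TCP 7777 or 11288, and whether the WAN side can reach those ports at all. The script below is an added example, not code from the thread or from the article it quotes. The port numbers (7777, 11288, FTP on 21) come from the quoted list; the WAN interface name, the nftables table name and the netstat sample it runs on are assumptions made for this example.

```shell
#!/bin/sh
# Added example for this thread; not code from the thread or the article.
# Ports 7777 (xlogin shell), 11288 (SOCKS5) and FTP/21 come from the article
# quoted above. The WAN interface name, the table name and the sample
# netstat output below are assumptions made for this example.

BACKDOOR_PORTS="7777 11288"     # backdoor shell and SOCKS5 server, per the article
WAN_IF="${WAN_IF:-wan}"         # assumed WAN interface name; override via env

# Constructed sample of `netstat -tlnp`-style output (not a real capture):
# two backdoor listeners among normal OpenWrt services, plus one established
# connection that must not be counted because only listeners matter here.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1102/dropbear
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN      1200/uhttpd
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN      2231/xlogin
tcp        0      0 :::11288                :::*                    LISTEN      2240/socks
tcp        0      0 192.168.1.1:7777        203.0.113.5:51422       ESTABLISHED 2231/xlogin'

# Read netstat/ss style lines on stdin and print "<port> <line>" for every
# LISTEN socket bound to one of BACKDOOR_PORTS. Uses only busybox-compatible
# awk, so it can run on the router itself: netstat -tln | flag_backdoor_ports
flag_backdoor_ports() {
    awk -v ports="$BACKDOOR_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        /LISTEN/ {
            # the local address column looks like 0.0.0.0:7777, :::7777 or *:7777
            for (f = 1; f <= NF; f++) {
                if (match($f, /:[0-9]+$/)) {
                    port = substr($f, RSTART + 1, RLENGTH - 1)
                    if (port in want) { print port, $0; break }
                }
            }
        }'
}

# Print an nftables ruleset (generic Linux router syntax; on OpenWrt the fw4
# firewall would want the same rules expressed as uci firewall entries) that
# drops WAN-side connections to the backdoor ports and stops the router itself
# from fetching anything over FTP, which the article names as the delivery
# channel. The FTP block sits in the output chain only, so FTP traffic from
# LAN clients (forward chain) is untouched.
backdoor_block_rules() {
    ports=$(printf '%s' "$BACKDOOR_PORTS" | tr ' ' ',')
    cat <<EOF
table inet botnet7777 {
    chain input {
        type filter hook input priority -10; policy accept;
        iifname "$WAN_IF" tcp dport { $ports } counter drop comment "botnet-7777 backdoor ports"
    }
    chain output {
        type filter hook output priority -10; policy accept;
        oifname "$WAN_IF" tcp dport 21 counter drop comment "router must not fetch binaries over FTP"
    }
}
EOF
}

case "${1:-}" in
    --check) netstat -tln 2>/dev/null | flag_backdoor_ports ;;         # on the live router
    --rules) backdoor_block_rules ;;                                    # print the ruleset
    --apply) backdoor_block_rules | nft -f - ;;                         # load it (needs root)
    *)       printf '%s\n' "$SAMPLE_NETSTAT" | flag_backdoor_ports ;;   # demo on the sample
esac
```

Two caveats go with this. Firewall rules loaded on a router that is already compromised can be removed by whoever owns it, so the check is the useful part: run it on the router, and also scan the router's WAN and LAN addresses for 7777 and 11288 from another machine, since a listener you can see from outside is the real problem. If either check hits, reflash known-good firmware rather than just adding rules. The ports are the ones the article reports for this campaign; a variant can change them, so the rules are a stopgap, not a detection.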