Indonesia's TP-Link Routers Vulnerable to Hacker Attacks, 177 Members Team New and Camaro Dragon Involved

In recent times, the cybersecurity landscape has witnessed a significant surge in the exploitation of router operating systems. While MikroTik routers were once the primary target, the potential for attacks on TP-Link devices has garnered increasing attention. Vulnerabilities within TP-Link routers have made them an enticing target for several hacker groups, particularly within Indonesia.

Figure 1: 20,000 TP-Link devices exposed

Cyberdefenseinsight's team has identified over 20,000 TP-Link devices exposed to the public internet, a substantial portion of which likely still use default passwords or carry exploitable vulnerabilities. Notably, one such vulnerability, CVE-2022-30075, has been publicly disclosed and can enable authenticated remote code execution on affected TP-Link routers.

Figure 2: 55 TP-Link routers exposed

It is imperative to note that the 20,000 exposed TP-Link devices is a global figure; 55 of them were identified within Indonesia alone. This presents a significant threat to businesses using TP-Link devices and underscores the urgency of safeguarding against potential breaches.

Figure 3: 177 Members Team New has hacked TP-Link devices

On September 10th, a hacking group known as "177 Members Team New" claimed responsibility for infiltrating a series of TP-Link servers, providing evidence of a total of 7 compromised TP-Link servers.

The threat to publicly exposed TP-Link devices is not limited to the hackers of "177 Members Team New"; it also extends to sophisticated actors such as APT Camaro Dragon (also known as Mustang Panda, Temp.Hex, Bronze President, HoneyMyte, RedDelta, Red Lich, Earth Preta, PKPLUG, and TA416). This state-sponsored group has strategically shifted its focus towards compromising TP-Link routers, as underscored by the analysis conducted by Check Point Research.

The attack chain employed by Camaro Dragon begins with gaining access to the router's web interface. Camaro Dragon then installs a customized firmware image on the router; once the router reboots, this malicious firmware becomes operational.
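Both attack patterns described above (opportunistic logins against exposed web interfaces and the Camaro Dragon chain of web-interface access followed by a firmware upgrade) leave traces in router logs. The following Python script is an added example, not code from the article or from Check Point Research: it runs simple detection logic over constructed syslog-style lines, and its log format, regexes and LAN ranges are assumptions to adapt to the actual device.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a generic syslog-like format; real TP-Link log
# formats differ by model, so both regexes below are assumptions to adapt.
SAMPLE_LOG = """\
Sep 10 01:12:03 router httpd: login success user=admin from=192.168.0.23
Sep 10 02:41:17 router httpd: login failed user=admin from=203.0.113.45
Sep 10 02:41:19 router httpd: login failed user=admin from=203.0.113.45
Sep 10 02:41:22 router httpd: login success user=admin from=203.0.113.45
Sep 10 02:43:50 router httpd: firmware upgrade requested from=203.0.113.45
Sep 10 02:45:01 router kernel: rebooting
"""
LOGIN_RE = re.compile(r"httpd: login (?P<result>success|failed) user=\S+ from=(?P<src>\S+)")
UPGRADE_RE = re.compile(r"httpd: firmware upgrade requested from=(?P<src>\S+)")
# Addresses treated as "inside the LAN"; anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def is_external(addr):
    """True if addr parses as an IP address outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable source field: do not alert on it here
    return not any(ip in net for net in INTERNAL_NETS)

def analyse(log_text, fail_threshold=2):
    """Return (severity, message) findings: repeated failed admin logins from one
    external source, any successful external login, and a firmware upgrade
    requested from a session that logged in from outside the LAN."""
    findings, failures, external_sessions = [], Counter(), set()
    for line in log_text.splitlines():
        if m := LOGIN_RE.search(line):
            src = m["src"]
            if not is_external(src):
                continue  # LAN-side admin activity is expected
            if m["result"] == "failed":
                failures[src] += 1
                if failures[src] == fail_threshold:
                    findings.append(("medium", f"{fail_threshold}+ failed admin logins from external {src}"))
            else:
                external_sessions.add(src)
                findings.append(("high", f"successful admin login from external {src}"))
        elif (m := UPGRADE_RE.search(line)) and m["src"] in external_sessions:
            findings.append(("critical", f"firmware upgrade requested by external session {m['src']}"))
    return findings

print(*analyse(SAMPLE_LOG), sep="\n")
```

A firmware upgrade requested from a session that originated outside the LAN is the highest-value signal here, since on a correctly configured router no such session should exist at all.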

Given these escalating threats, keeping router management interfaces off the public internet is paramount. Wherever possible, restrict access to the router's administration interface to internal networks, or require a VPN to reach it, thereby mitigating the risk of unauthorized access.

In conclusion, the surge in router exploitations, particularly those targeting TP-Link devices, demands heightened cybersecurity measures. Vigilance, prompt software updates, and a proactive approach to safeguarding routers are crucial in the face of an increasingly sophisticated and persistent threat landscape. Protecting our digital infrastructure from potential breaches is not merely an option but an imperative for the modern era.