New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices

A newly discovered botnet capable of launching distributed denial-of-service (DDoS) attacks is targeting unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc network appliances belonging to telecom service provider AT&T, exploiting a four-year-old flaw in the appliances.

Chinese tech giant Qihoo 360's Netlab network security division, which first detected the botnet on October 27, 2021, named it EwDoor, noting that it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window.


"So far, the EwDoor in our view has undergone three versions of updates, and its main functions can be summarized into two main categories of DDoS attacks and backdoor," the researchers noted. "Based on the attacked devices being telephone communication related, we presume that its main purpose is DDoS attacks, and gathering of sensitive information, such as call logs."

Propagating through a flaw in EdgeMarc devices, EwDoor supports a variety of features, including the ability to self-update, download files, obtain a reverse shell on the compromised machine, and execute arbitrary payloads. The vulnerability in question is CVE-2017-6079 (CVSS score: 9.8), a command injection flaw affecting the session border controllers that could be weaponized to execute malicious commands.


In addition to gathering information about the infected system, EwDoor also establishes communications with a remote command-and-control (C2) server, either directly or indirectly by using BitTorrent trackers to fetch the C2 server's IP address, and then waits for further commands issued by the attackers.

We have reached out to AT&T for comment, and we will update the story once we hear back. Additional indicators of compromise associated with the campaign can be accessed here.