• finitebanjo@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    19 days ago

    If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.

    The article also says:

    It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:

    • Download Telnet binary from a remote File Transfer Protocol (FTP) server
    • Download xlogin backdoor binary from a remote FTP server
    • Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
    • Connect and authenticate to the xlogin backdoor listening on TCP port 7777
    • Download a SOCKS5 server binary to router
    • Start SOCKS5 server on TCP port 11288.

    So maybe setting up some firewall rules could also help prevent further problems.