Cyber attack hits over 6,000 TP-Link routers worldwide

Ballista botnet is impacting users in Brazil, Poland, the UK, Bulgaria, and Turkey

A dangerous cyber attack has infected more than 6,000 TP-Link Archer AX-21 routers worldwide, security researchers warn. 

The attack is linked to the Ballista botnet, which is taking advantage of a serious security flaw (CVE-2023-1389) that allows hackers to control devices remotely.

This vulnerability, which was initially discovered in April 2023, enables attackers to inject malicious instructions into routers, allowing malware to propagate without the need for user interaction.

The vulnerability was first exploited by the Mirai botnet but is currently being used by more recent threats such as Condi, AndroxGh0st, and Ballista. The most recent attacks were found between January 10 and February 17, 2025.

The Ballista botnet is impacting users in Brazil, Poland, the UK, Bulgaria, and Turkey. It is also victimizing businesses in crucial sectors like manufacturing, healthcare, and technology in the U.S., Australia, China, and Mexico. Cybersecurity experts suggest that unpatched routers and poor security settings make these devices vulnerable to attacks.

How to protect TP-Link routers from cyber-attacks?

To protect against this threat, TP-Link router owners should update their firmware immediately and disable remote access features if not needed. Keeping devices secure is essential to prevent hackers from using them for large-scale cyberattacks.