Islamabad, Mar 13, 2025: The Ballista botnet is aggressively leveraging a critical remote code execution (RCE) flaw—CVE-2023-1389—to compromise TP-Link Archer AX-21 routers, as per a recent analysis by Cato CTRL, also covered by Tom’s Hardware.
So far, over 6,000 devices have fallen victim, with the majority of infections reported in Brazil, Poland, the United Kingdom, Bulgaria, and Turkey.
This security loophole enables cybercriminals to remotely execute commands, allowing the malware to run arbitrary code and propagate autonomously across the internet.
Initially identified in April 2023, when it was exploited by the notorious Mirai botnet, this vulnerability remains a favored target for emerging malware strains such as Condi, AndroxGh0st, and the latest threat—Ballista.
Cato CTRL’s cybersecurity experts first identified Ballista’s activity on January 10, 2025, with its most recent recorded exploitation occurring on February 17, 2025.
Although the majority of compromised routers are consumer-level devices, the botnet has also infiltrated corporate networks, targeting critical industries like manufacturing, healthcare, technology, and service sectors.
Countries most affected include the United States, Australia, China, and Mexico.
This attack once again emphasizes the persistent dangers associated with unpatched or inadequately secured IoT and network equipment, both in residential and business environments.
Cybersecurity specialists strongly advise TP-Link Archer AX-21 users to install the latest firmware updates without delay and deactivate remote access functions if they are not essential.
As Ballista continues to expand its reach, the incident sheds light on the broader issue of securing internet-connected infrastructure.
These devices remain prime targets for cybercriminal groups seeking to construct large-scale, distributed attack networks.
Strengthening cybersecurity defenses and proactive patching are crucial to mitigating such threats in the evolving digital landscape.