
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread

ID: 9f44aa44-34b7-5af7-bee6-e66fcf9ab8e4

STIX ID: report--9f44aa44-34b7-5af7-bee6-e66fcf9ab8e4

Feed Name: Fortinet Blog

Threat Score: 75/100

Date Published: 2024-04-16

Date Updated: 2026-04-27


Fortinet Labs documents ongoing exploitation of CVE-2023-1389 in the TP-Link Archer AX21 by multiple IoT botnets (AGoent, a Gafgyt variant, Moobot, Mirai variants, Miori, Condi). The report provides technical infection details, malware behaviors (user creation, C2 communication, DDoS modules), extensive IOCs (C2 domains, IPs, URLs, many file hashes), and mitigation guidance, including FortiGuard detections and the importance of applying vendor patches.
