Indicators of Compromise
port: 53， 443，13433
Unpatched, old vulnerabilities in networking devices have allowed a noxious malware to infect thousands of AT&T customers in the U.S. The malware basically functions as a backdoor, one that could allow an attacker to penetrate networks, steal data, and other unsavory activity targeted at least 5,700 U.S. based AT&T subscribers.
The malware appears to have seeped into users’ enterprise network edge devices via a bug that was originally discovered back in 2017. Edge devices, which help businesses connect their networks to ISPs, are common targets for malware infection and cyberattacks.
The affected devices are EdgeMarc Enterprise Session Border Controllers, produced by Ribbon Communications (formerly named Edgewater), which are commonly used by smaller and mid-sized businesses to manage and secure internal communications like voice and video-call.
The malware compromised these controllers via a bug, tracked asCVE-2017-6079, for which a patch was ostensibly issued way back in 2018.
The malware in question…
View original post 109 more words