AT&T Under Bot Attack

Indicators of Compromise
C2C

185.10.68.20
rtmxvd.iunno.se
ekgmua.zapto.org
boatreviews.xpresit.net
a.rtmxvdio.net
a.hatbowlu3hf.ru
a.hatbowlrtx.su
45.141.157.217
rtmxvd.iunno.se
hhqnyy.zapto.org
besthatsite.mooo.com
b.rtmxvdio.net
b.hatbowlu3hf.ru
b.hatbowlrtx.su
port: 53, 443,13433
MD5 Hashes

007c28d9a0ccfb10c478689fd63e0de0
128331f1c808ee385375dd54d0609ebc
46c18a8e93a863053952985a39bd7d63
4f0841ac08a27d8b3d56cbd03fb68ad8
5c4390e1668856cc7f72499a72f935d6
62bc8899a353921ac685cabb63de97b3
67ccb3cf1f4f57f5a0ded4d20bc91d73
7d4937e27d0fd75dd6159ffe53ebb505
84b3df62ed45bea57d0dd85e80f0dc07
8794d23cad330de803294a2a1adb128b
abaed830fe09e92ee434236d3db01e08
b81ade4f18c2df58adef301f401e8a02
ca6eb890853434ab9a0f8cdbab0965ea
ddf96434bdb7b449ddcc925e6a5b3095
eef0035f971622cc5f48e164ca28a95f
fbbacfb20e487265c7fdb30817717f26

TheCyberThrone

Unpatched, old vulnerabilities in networking devices have allowed a noxious malware to infect thousands of AT&T customers in the U.S. The malware basically functions as a backdoor, one that could allow an attacker to penetrate networks, steal data, and other unsavory activity targeted at least 5,700 U.S. based AT&T subscribers.

The malware appears to have seeped into users’ enterprise network edge devices via a bug that was originally discovered back in 2017. Edge devices, which help businesses connect their networks to ISPs, are common targets for malware infection and cyberattacks.

The affected devices are EdgeMarc Enterprise Session Border Controllers, produced by Ribbon Communications (formerly named Edgewater), which are commonly used by smaller and mid-sized businesses to manage and secure internal communications like voice and video-call.

The malware compromised these controllers via a bug, tracked asCVE-2017-6079, for which a patch was ostensibly issued way back in 2018.

The malware in question…

View original post 109 more words

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.