"New Condi Malware Builds DDoS Botnet Out of TP-Link AX21 Routers"

In May 2023, a new Distributed Denial-of-Service (DDoS)-as-a-Service botnet called "Condi" emerged, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to form an army of bots for conducting attacks. The AX1800 is a widely used Linux-based dual-band Wi-Fi 6 router with a bandwidth of 1.8 Gbps, mostly used by home users, small offices, shops, cafes, and more. Condi recruits new devices to create a powerful DDoS botnet that can be rented to initiate attacks against websites and services. In addition, the threat actors behind Condi sell the malware's source code, an aggressive method of monetization that is likely to result in numerous project variants with different features. According to a report published by Fortinet, Condi targets a high-severity unauthenticated command injection and Remote Code Execution (RCE) vulnerability, tracked as CVE-2023-1389, in the Application Programming Interface (API) of the router's web management interface. After Mirai exploited it at the end of April, Condi is the second DDoS botnet to target this vulnerability. This article continues to discuss the new DDoS-as-a-Service botnet Condi.

Bleeping Computer reports "New Condi Malware Builds DDoS Botnet Out of TP-Link AX21 Routers"
