
New VOIP-Based Botnet Attacking Routers Configured With Default Password

Threat Score: 65 | 2 articles | 93.0% similarity | 9 hours ago


Key Insights

1. A new global botnet is exploiting VOIP-enabled routers with default Telnet passwords, compromising around 500 devices worldwide.
2. Initial detection occurred in rural New Mexico, linked to the Pueblo of Laguna Utility Authority, indicating a coordinated attack pattern.
3. Attackers are leveraging default credentials to gain unauthorized access, highlighting the importance of changing factory settings.
4. No specific threat actor attribution has been identified, but the attack demonstrates a growing trend in targeting IoT devices with weak security.

Threat Overview

A sophisticated botnet campaign is targeting VOIP-enabled routers globally, exploiting devices configured with default Telnet passwords. Approximately 500 routers have been compromised, with initial activity traced back to rural New Mexico [1][2]. This incident underscores the critical need for organizations to secure IoT devices by changing default credentials and implementing strong password policies. Security teams should audit their network for vulnerable devices and ensure that all default settings are modified. No patches are currently available, making immediate action essential to mitigate risks [1][2].

Tactics, Techniques & Procedures (TTPs)

T1078 Valid Accounts - Exploiting default Telnet credentials for unauthorized access - Articles 1, 2
T1203 Exploitation for Client Execution - Utilizing Telnet to execute commands on compromised routers - Articles 1, 2
T1499 Endpoint Denial of Service - Potential for botnet to disrupt services through coordinated attacks - Articles 1, 2
T1583.001 Acquire Infrastructure - Establishing a botnet through compromised IoT devices - Articles 1, 2

Timeline of Events

2025-07-20: Unusual cluster of malicious IP addresses detected in rural New Mexico [2]
2025-07-25: Discovery of botnet operation targeting VOIP-enabled routers announced [2]
2025-07-26: Reports confirm approximately 500 devices compromised worldwide [1]
Powered by ThreatCluster AI
Generated 9 hours ago
AI analysis may contain inaccuracies

Related Articles

2 articles

1. New VOIP-Based Botnet Attacking Routers Configured With Default Password
Cybersecurity News • 10 hours ago • Score 59 • 98.0% similarity

A sophisticated global botnet campaign targeting VOIP-enabled routers and devices configured with default credentials. The discovery began when analysts noticed an unusual cluster of malicious IP addresses concentrated in rural New Mexico, leading to the identification of approximately 500 compromised devices worldwide. Key Takeaways: 1. Hackers are exploiting VOIP routers with default Telnet passwords to build […]

2. New VoIP Botnet Targets Routers Using Default Passwords
GB Hackers • 1 day ago • Score 48 • 98.0% similarity

Cybersecurity researchers have uncovered a sophisticated botnet operation exploiting VoIP-enabled routers through default password attacks, with initial activity concentrated in rural New Mexico before expanding globally to compromise approximately 500 devices. The discovery began when GreyNoise Intelligence engineers noticed an unusual cluster of malicious IP addresses originating from a sparsely populated region of New Mexico with just over


Cluster Intelligence

Key entities and indicators for this cluster

COUNTRIES: Mexico
RANSOMWARE: global, Zlader, 777, First, AnDROid
PLATFORMS: Windows, Linux, Azure, AWS, Android
VULNERABILITIES: Remote Code Execution, DoS, DDoS
ATTACK TYPES: Ransomware, Remote Code Execution
COMPANIES: Google, Cisco, Amazon, Apple, IBM
SECURITY VENDORS: Cloudflare
INDUSTRIES: Media, Education, Mining
MALWARE: Dark

CLUSTER INFORMATION
Cluster #1383, created 9 hours ago, semantic algorithm