Unpatched, old vulnerabilities in networking devices have allowed a noxious malware to infect thousands of AT&T customers in the U.S. The malware basically functions as a backdoor, one that could allow an attacker to penetrate networks, steal data, and other unsavory activity targeted at least 5,700 U.S. based AT&T subscribers.
The malware appears to have seeped into users’ enterprise network edge devices via a bug that was originally discovered back in 2017. Edge devices, which help businesses connect their networks to ISPs, are common targets for malware infection and cyberattacks.
The affected devices are EdgeMarc Enterprise Session Border Controllers, produced by Ribbon Communications (formerly named Edgewater), which are commonly used by smaller and mid-sized businesses to manage and secure internal communications like voice and video-call.
The malware compromised these controllers via a bug, tracked as CVE-2017-6079, for which a patch was ostensibly issued way back in 2018.
The malware in question apparently has the capability to enable DDoS attacks, port scanning, file management, and the execution of arbitrary commands meaning, basically, that an attacker could have quite a field day with your network. Data theft and the disruption of services.
All 5.7k active victims that we saw during the short time window were all geographically located in the US. The number of devices using the same TLS certificate is apparently about 100,000.
Indicators of Compromise
- port: 53， 443，13433