Connect with us

Hi, what are you looking for?



WordPress Attacks Powered by Router Botnet Drop Rapidly

A botnet powered by compromised home routers has been apparently shut down. It is unclear if the botnet operators decided to pull the plug on their operation or if the disruption was caused by law enforcement.

A botnet powered by compromised home routers has been apparently shut down. It is unclear if the botnet operators decided to pull the plug on their operation or if the disruption was caused by law enforcement.

Security firm Wordfence warned last month that tens of thousands of vulnerable routers from dozens of ISPs worldwide had been abused for brute-force and other types of attacks aimed at WordPress websites.

Researchers said the attackers may have hijacked the devices by exploiting some known vulnerabilities that users and ISPs had failed to patch, including the flaw dubbed “Misfortune Cookie.”

However, on Tuesday, Wordfence reported that the volume of attacks had started to drop significantly over the weekend, particularly on Sunday night, Pacific time. By Monday evening, the 30,000 or 40,000 attack attempts coming every hour from some ISPs had dropped to less than 5,000, and the frequency of the attacks continued to decrease.

Wordfence has not been able to determine what caused the apparent shut down of the botnet and it’s unclear if the situation is permanent or just temporary. However, the company believes we might know exactly in the next few weeks.

One possible scenario is that the attackers themselves decided to end their operation for some reason. Another possibility is that law enforcement or other entities managed to take down the command and control (C&C) servers used by the botnet.

Law enforcement agencies have been very busy targeting cybercriminal operations in recent weeks. In April, U.S. authorities announced efforts to disrupt and dismantle the Kelihos botnet. Two weeks later, Interpol reported that authorities in the ASEAN region worked with private companies to identify nearly 9,000 C&C servers and hundreds of compromised websites.

The recent attacks originating from routers had caused Wordfence and organizations such as Spamhaus to blacklist the offending IP addresses, which resulted in users being unable to access certain online services.

Advertisement. Scroll to continue reading.

“By reducing these attacks, this ensures those ISP customers have full internet access again,” said Wordfence’s Mark Maunder.

Related: 150,000 IoT Devices Abused for Massive DDoS Attacks on OVH

Related: Linux Trojan Brute Forces Routers to Install Backdoors

Related: Brute Force Attacks on WordPress Websites Soar 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.