top of page
  • Admin

U.S. Businesses Using AT&T's EdgeMarc Device Attacked by Data-Stealing Botnet

Published: January 24, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

Researchers at China’s Qihoo 360 recently found a formerly unknown botnet was able to infiltrate an Edgewater Network device named EdgeMarc Enterprise Session Border Controller (ESBC). This communications device is used by many small-to-medium sized businesses. Belonging to telecom company AT&T, EdgeMarc ESBC is the device that supports a company’s real-time communications, including securing and managing video conferencing, phone calls, file sharing, chats, and more.

Although the flaw was first discovered in 2017 and patched in 2018, this botnet gives AT&T’s business customer’s and their IT staffs new reasons for concern about their EdgeMarc ESBC device and its data-stealing botnet. In an online posting, the Qihoo 360 researchers confirmed that this was indeed a new botnet to contend with although the flaw had already been patched.

The AT&T and EdgeMarc ESBC is the device that connects AT&T as the internet service provider (ISP) to organizations who use their real-time service. These session border controllers can access enormous amounts of sensitive data. This creates perfect attack environments for the data-hijacking botnets.

Qihoo 360 researchers alerted AT&T to their findings, telling them at the time, the 5,700 active victims were all located in the U.S. They also observed the botnet worming its way into one of their command-and-control (C&C) servers.

The researchers also observed the botnet “has undergone 3 versions of updates…and we presume that its main purpose is DDoS attacks and gathering of sensitive information.” It’s common for cybercriminals to improve botnets and other malware over time, making them more effective and stealthier than prior versions.

When asked about the botnet, an AT&T spokesperson commented “We previously identified this issue, have taken steps to mitigate it and continue to investigate. We have no evidence that customer data was accessed.” They refused any further comment.

With yet another security risk to contend with, IT pros can follow some basic rules of the road to help keep the AT&T botnet out of their systems and devices.

  • Don’t use wildcard SSL certificates. Although they’re less expensive to use, the security risk far outweighs the financial savings and help set up a data and device compromise situation.

  • When configuring new devices and systems, always change their default passwords.

  • Apply security patches as soon as possible. If your company is using AT&T’s EdgeMarc ESBC, regularly check to see if a new patch is available.

Want to schedule a conversation? Please email us at

bottom of page