TP-Link and NR routers targeted by worrying new botnet  | amznusa.com


  • Researchers discovered multiple vulnerable endpoints being targeted by a new Mirai variant
  • The endpoints are assimilated into a botnet and used for DDoS attacks
  • The vulnerabilities used in the attack are years old

Mirai, an infamous botnet targeting Internet of Things (IoT) devices to use in Distributed Denial of Service (DDoS) attacks, has gotten a new variant which is now targeting multiple vulnerable devices, experts hae warned.

The malware is reportedly going after DigiEver DS-2105 Pro NVRs, multiple TP-Link routers with outdated firmware, and Teltonika RUT9XX routers. For DigiEver, Mirai is abusing an unpatched remote code execution (RCE) vulnerability that doesn’t even have a tracking number.

For TP-Link, Mirai abuses CVE-2023-1389, and for Teltonika, it’s going for CVE-2018-17532. It’s worth noting that the TP-Link flaw is a year old, while the Teltonika one is roughly six years old. That means that the crooks are mostly targeting organizations with poor cybersecurity and patching practices.

Mirai is an active threat

The campaign most likely started in September or October 2024, and according to researchers from Akamai, uses XOR and ChaCha20 encryption, and targets different system architectures, including ARM, MIPS, and x86.

“Although employing complex decryption methods isn’t new, it suggests evolving tactics, techniques, and procedures among Mirai-based botnet operators,” Akamai said.

“This is mostly notable because many Mirai-based botnets still depend on the original string obfuscation logic from recycled code that was included in the original Mirai malware source code release.”

Experts from Juniper Research recently warned Mirai operators were looking for easy-to-compromise Session Smart routers.

“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” Juniper said in its security advisory.

Researchers also recently reported cybercriminals were exploiting a flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack the endpoints and assimilate them into the Mirai botnet.

Via BleepingComputer

You might also like

 

This articles is written by : Fady Askharoun Samy Askharoun

All Rights Reserved to Amznusa www.amznusa.com

Why Amznusa?

AMZNUSA is a dynamic website that focuses on three primary categories: Technology, e-commerce and cryptocurrency news. It provides users with the latest updates and insights into online retail trends and the rapidly evolving world of digital currencies, helping visitors stay informed about both markets.