- GreyNoise says that scanning for vulnerable TVT DVRs is increasing
- More than 2,500 unique IP addresses were hunting at one point
- A 2024 vulnerability allows threat actors to execute administration commands on the device
The Mirai botnet operators are actively looking for vulnerable TVT DVRs to assimilate them into the disastrous network, cybersecurity researchers at GreyNoise have revealed after observing a peak in exploitation attempts.
In May 2024, researchers at SSD Secure Disclosure reported a vulnerability affecting the NVMS9000 DVR built by TVT Digital Technology, a manufacturer based in Shenzhen. The vulnerability was described as an authentication bypass, allowing threat actors to execute administration commands on the device unabated.
All versions prior to 1.3.4 were said to be affected, but a patch was released, and versions 1.3.4 and newer are no longer vulnerable.
“There are no malicious files housed”
Users who do not monitor updates and do not patch their systems in time are now at risk. GreyNoise said that the activity peaked on April 3, with more than 2,500 unique IP addresses scanning for vulnerable endpoints. We do not know how many of these DVRs there are or how large the attack surface could be.
The researchers said that the malware being deployed on the DVRs is linked to Mirai, one of the most infamous botnets in the history of cybersecurity. Mirai generally targets smart devices, Internet of Things (IoT) devices and other Internet-connected hardware, and is used to carry out distributed denial-of-service (DDoS) attacks.
GreyNoise said that in the last 30 days it recorded 6,600 unique IP addresses associated with this activity. All of the addresses were confirmed to be malicious. They came mainly from Taiwan, Japan and South Korea, targeting devices in the United States, the United Kingdom and Germany.
Mirai operators have been quite active this year. In mid-January, it was learned that they were targeting industrial routers vulnerable to a zero-day. A few weeks later, Akamai's security researchers said they had spotted a new botnet variant targeting business phone devices built by Mitel.
Via BleepingComputer