- Researchers Discovered Multiple Vulnerable Endpoints Targeted by New Mirai Variant
- The endpoints are assimilated into a botnet and used for DDoS attacks.
- The vulnerabilities used in the attack are years old.
Mirai, an infamous botnet targeting Internet of Things (IoT) devices for use in distributed denial of service (DDoS) attacks, has received a new variant that now targets multiple vulnerable devices, experts have warned.
The malware reportedly attacks DigiEver DS-2105 Pro NVRs, several TP-Link routers with outdated firmware, and Teltonika RUT9XX routers. For DigiEver, Mirai is abusing an unpatched remote code execution (RCE) vulnerability that doesn’t even have a tracking number.
For TP-Link, Mirai abuses CVE-2023-1389, and for Teltonika, it opts for CVE-2018-17532. It’s worth noting that the TP-Link flaw is a year old, while the Teltonika one is about six years old. That means criminals are primarily targeting organizations with poor cybersecurity and patching practices.
Mirai is an active threat.
The campaign most likely began in September or October 2024 and, according to Akamai researchers, uses XOR and ChaCha20 encryption and targets different system architectures, including ARM, MIPS, and x86.
“While the employment of complex decryption methods is not new, it suggests evolving tactics, techniques and procedures among Mirai-based botnet operators,” Akamai said.
“This is primarily notable because many Mirai-based botnets still rely on the original string obfuscation logic from recycled code that was included in the original version of the Mirai malware source code.”
Experts at Juniper Research recently warned that Mirai operators were looking for easy-to-compromise Session Smart routers.
“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” Juniper said in its security advisory.
Researchers also recently reported that cybercriminals were exploiting a flaw in the AVM1203, a surveillance camera model designed and sold by Taiwanese manufacturer AVTECH, to hijack endpoints and assimilate them into the Mirai botnet.
Via BleepingComputer