New Mirai Botnet Targets Vulnerabilities in NVRs and Routers
/ 1 min read
🕵️♂️ New Mirai-based botnet exploits unpatched vulnerabilities in NVRs and routers. A recently identified Mirai variant is actively targeting unpatched remote code execution vulnerabilities in DigiEver DS-2105 Pro NVRs and outdated TP-Link routers, with attacks beginning as early as September. The botnet exploits a flaw that allows remote command injection via improperly validated user inputs, enabling attackers to enlist compromised devices into a botnet for distributed denial of service (DDoS) attacks. Researchers from Akamai noted the botnet’s use of advanced encryption methods and its ability to target various system architectures, indicating an evolution in tactics among Mirai operators. Indicators of compromise and detection rules are provided in Akamai’s report to help mitigate the threat.
