Aquabotv3 Botnet Targets Mitel Flaw in New Attack Campaign

Akamai researchers have identified Aquabotv3, a new variant of the Mirai-based botnet malware, exploiting the CVE-2024-41710 vulnerability in Mitel SIP phones. This command injection flaw allows attackers to execute arbitrary commands by manipulating device configurations during boot. Mitel had released patches for the issue in July 2024, but Aquabotv3 is the first documented case of it being actively exploited.

Aquabotv3's unique capability to report kill signals to its command-and-control server sets it apart from typical botnets, enabling better operational monitoring. The malware spreads by brute-forcing device credentials and targeting other IoT vulnerabilities, such as TP-Link and Dasan router bugs.

Once devices are infected, Aquabotv3 recruits them for distributed denial-of-service (DDoS) attacks, with operators advertising the service on Telegram as a "testing tool" for DDoS defenses. Akamai has published indicators of compromise and detection rules to help organizations defend against this emerging threat.
