New botnet exploits vulnerabilities in NVRs and TP-Link routers


A new Mirai-based botnet is actively exploiting a remote code execution vulnerability in DigiEver DS-2105 Pro NVRs that has not been assigned a CVE identifier and appears to be unpatched.

The campaign started in October and targets multiple network video recorders and TP-Link routers with outdated firmware.

One of the vulnerabilities used in the campaign was documented by TXOne researcher Ta-Lun Yen and presented last year at the DefCamp security conference in Bucharest, Romania. The researcher said at the time that the issue affects multiple DVR devices.

Akamai researchers observed that the botnet started to exploit the flaw in mid-November, but found evidence that the campaign has been active since at least September.

Apart from the DigiEver flaw, the new Mirai malware variant also targets CVE-2023-1389 on TP-Link devices and CVE-2018-17532 on Teltonika RUT9XX routers.

Attacks on DigiEver NVRs

The vulnerability exploited to compromise DigiEver NVRs is a remote code execution (RCE) flaw: the attackers target the ‘/cgi-bin/cgi_main.cgi’ URI, which fails to validate user input properly.

This allows remote unauthenticated attackers to inject commands like ‘curl’ and ‘chmod’ via certain parameters, such as the ntp field in HTTP POST requests.

Akamai says that the attacks it has seen by this Mirai-based botnet appear similar to what is described in Ta-Lun Yen’s presentation.

Through this command injection, the attackers fetch the malware binary from an external server and enlist the device into the botnet. Persistence is achieved by adding cron jobs.

Once the device is compromised, it is then used to conduct distributed denial of service (DDoS) attacks or to spread to other devices by leveraging exploit sets and credential lists.

Akamai says the new Mirai variant is notable for its use of XOR and ChaCha20 encryption and its targeting of a broad range of system architectures, including x86, ARM, and MIPS.

“Although employing complex decryption methods isn’t new, it suggests evolving tactics, techniques, and procedures among Mirai-based botnet operators,” comments Akamai.

“This is mostly notable because many Mirai-based botnets still depend on the original string obfuscation logic from recycled code that was included in the original Mirai malware source code release,” the researchers say.
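To make the contrast concrete, the following added example (not code from Akamai's report or from the botnet) implements the string obfuscation scheme the researchers refer to: the table.c routine from the 2016 Mirai source release, which XORs every byte of a stored string in turn with the four bytes of the key 0xdeadbeef. Because the four XORs collapse to a single byte, an analyst can locate recycled Mirai string tables in a sample by searching for known plaintexts encoded the same way. The binary blob and string list are constructed; the new variant's XOR/ChaCha20 layer is a different scheme and is not decoded here.

```python
"""String (de)obfuscation as implemented in the leaked original Mirai source (table.c).

Added example, not code from Akamai's report or from the botnet. Key and
scheme are from the public 2016 Mirai source release; sample data is constructed.
"""

TABLE_KEY = 0xDEADBEEF  # key constant from the original Mirai table.c


def mirai_toggle(data: bytes, key: int = TABLE_KEY) -> bytes:
    """XOR each byte with the four key bytes in turn; symmetric, so encode == decode."""
    key_bytes = [(key >> shift) & 0xFF for shift in (0, 8, 16, 24)]
    out = bytearray()
    for b in data:
        for kb in key_bytes:
            b ^= kb
        out.append(b)
    return bytes(out)


def effective_key(key: int = TABLE_KEY) -> int:
    """The four successive XORs reduce to one byte, which is why the scheme is so weak."""
    k = 0
    for shift in (0, 8, 16, 24):
        k ^= (key >> shift) & 0xFF
    return k


def find_obfuscated_strings(blob: bytes, wordlist, key: int = TABLE_KEY):
    """Locate Mirai-XOR-encoded copies of known plaintext strings in a binary blob.

    Returns sorted (offset, plaintext) pairs. A single-byte XOR is position
    independent, so substrings of longer table entries are found as well.
    """
    hits = []
    for word in wordlist:
        needle = mirai_toggle(word.encode(), key)
        off = blob.find(needle)
        while off != -1:
            hits.append((off, word))
            off = blob.find(needle, off + 1)
    return sorted(hits)


# Plaintexts (or substrings of entries) present in the original Mirai string table.
KNOWN_STRINGS = ["/proc/", "/dev/watchdog", "busybox"]


def build_sample_blob() -> bytes:
    """Constructed stand-in for a binary dump carrying two encoded strings."""
    filler = bytes(range(0x30, 0x40))  # deterministic filler, not real code
    return (filler + mirai_toggle(b"/dev/watchdog") + filler * 2
            + mirai_toggle(b"busybox") + filler)


if __name__ == "__main__":
    print(f"effective single-byte key: 0x{effective_key():02x}")
    for offset, word in find_obfuscated_strings(build_sample_blob(), KNOWN_STRINGS):
        print(f"offset {offset}: {word}")
```

A sample in which these searches hit is still carrying the recycled Mirai table; one in which they miss but which shows ChaCha20 constants or a per-sample XOR key is the kind of evolution the Akamai quote describes.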

The researchers note that the botnet also exploits CVE-2018-17532, a vulnerability in Teltonika RUT9XX routers as well as CVE-2023-1389, which impacts TP-Link devices.

Indicators of compromise (IoCs) associated with the campaign are available at the end of Akamai’s report, along with YARA rules for detecting the threat.
