Dangerous New Botnet Targets Millions of Security Cameras and Home Routers

New Mirai Botnet Variant Targets Network Video Recorders and Routers

A sophisticated Mirai-based botnet campaign has emerged, actively exploiting multiple vulnerabilities in network devices since October. The attack primarily targets DigiEver DS-2105 Pro NVRs, TP-Link routers, and Teltonika RUT9XX devices.

Key Vulnerabilities:
– Unpatched remote code execution flaw in DigiEver NVRs
– CVE-2023-1389 affecting TP-Link devices
– CVE-2018-17532 in Teltonika RUT9XX routers

Attack Methodology:
The botnet exploits the ‘/cgi-bin/cgi_main.cgi’ URI in DigiEver NVRs, which allows unauthenticated attackers to inject commands through HTTP POST requests. Once a device is compromised, malware is installed to enlist it in the botnet, and cron jobs keep the infection in place.
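
One way to hunt for the request pattern described above, added here as an example and not taken from the article or from Akamai's published IoCs and rules. It assumes a reverse proxy or WAF that logs requests as JSON lines with `src`, `method`, `path` and `body` fields (an assumed format, with hypothetical form field names), and flags POSTs to the named URI whose form values contain shell metacharacters.

```python
import json
import posixpath
import re
from urllib.parse import unquote, unquote_plus

TARGET_PATH = "/cgi-bin/cgi_main.cgi"  # URI named in the article
# Shell separators and substitution syntax; a heuristic, not a complete list.
SHELL_META = re.compile(r"[;|`\n]|&&|\$\(")

def normalize_path(raw):
    """Drop the query string, decode, and collapse '//' and '/./' variants."""
    path = unquote(raw.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def suspicious_fields(body):
    """Names of form fields whose decoded value contains shell metacharacters."""
    names = set()
    for pair in body.split("&"):
        name, _, value = pair.partition("=")
        if SHELL_META.search(unquote_plus(value)):
            names.add(unquote_plus(name))
    return sorted(names)

def scan(log_lines):
    """Return (src, fields) for each POST to TARGET_PATH that looks like injection."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(rec, dict) or str(rec.get("method", "")).upper() != "POST":
            continue
        if normalize_path(str(rec.get("path", ""))) != TARGET_PATH:
            continue
        fields = suspicious_fields(str(rec.get("body", "")))
        if fields:
            hits.append((rec.get("src"), fields))
    return hits

# Constructed sample records (documentation IP ranges, hypothetical field names).
SAMPLE_LOG = [
    '{"src": "203.0.113.10", "method": "POST", "path": "/cgi-bin/cgi_main.cgi", "body": "p=1%3Buname+-a"}',
    '{"src": "203.0.113.11", "method": "POST", "path": "/cgi-bin//cgi_main.cgi?x=1", "body": "a=ok&p=$(id)"}',
    '{"src": "192.0.2.5", "method": "POST", "path": "/cgi-bin/cgi_main.cgi", "body": "user=admin&lang=en"}',
    '{"src": "192.0.2.6", "method": "GET", "path": "/cgi-bin/cgi_main.cgi", "body": ""}',
    "not json",
]

if __name__ == "__main__":
    for src, fields in scan(SAMPLE_LOG):
        print(f"ALERT {src}: shell metacharacters in {fields}")
```

Any hit from an external source address against a device that should not be reachable from the internet is worth triage even when the field check finds nothing, since the management interface itself is exposed.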

Technical Characteristics:
– Implements XOR and ChaCha20 encryption
– Targets multiple system architectures (x86, ARM, MIPS)
– Uses advanced decryption methods, showing evolution from traditional Mirai variants

Impact:
Compromised devices are utilized for:
– Distributed Denial of Service (DDoS) attacks
– Further malware propagation
– Network exploitation

Akamai researchers have provided IoCs and YARA rules for threat detection and prevention. The campaign, initially discovered by TXOne researcher Ta-Lun Yen, continues to pose a significant security risk to outdated network devices.
