
BleepingComputer reports that a new Mirai-based botnet has been targeting Teltonika RUT9XX routers impacted by the CVE-2018-17532 flaw, TP-Link devices affected by CVE-2023-1389, and DigiEver DS-2105 Pro network video recorders with a yet-to-be-patched remote code execution vulnerability, as part of an attack campaign believed to have commenced in September.
After achieving command injection through the DigiEver NVR's "/cgi-bin/cgi_main.cgi" URI, threat actors proceeded to retrieve the new Mirai variant, which features multi-platform support as well as ChaCha20 and XOR encryption and allows the compromised device to be leveraged in distributed denial-of-service attacks, according to a report from Akamai.
Additional analysis showed similarities between the new attacks and intrusions initially disclosed by TXOne researcher Ta-Lun Yen at last year’s DefCamp security conference.
“Although employing complex decryption methods isn’t new, it suggests evolving tactics, techniques, and procedures among Mirai-based botnet operators. This is mostly notable because many Mirai-based botnets still depend on the original string obfuscation logic from recycled code that was included in the original Mirai malware source code release,” said Akamai researchers.