- A vulnerability in Mitel phones is being abused once again
- Hackers are using the bug to deploy a variant of Mirai and run DDoS attacks
- The variant is called Aquabot and comes with a few unique features
Security researchers from Akamai have caught a new variant of the infamous Mirai botnet targeting business phone devices built by Mitel.
Mitel provides business communication solutions, including VoIP, unified communications, and contact center services, but according to Akamai, the devices – namely Mitel 6800, 6900, and 6900w series of SIP desk phones, together with the 6970 Conference Unit, running on firmware R6.4.0.HF1 (R6.4.0.136) – are vulnerable to a command injection flaw tracked as CVE-2024-41710.
This is a medium-severity bug (6.8/10) that allows an attacker to execute arbitrary commands within the context of the system.
Reporting counter-attacks
A threat actor took advantage of this flaw to deploy Aquabotv3, a new variant of Mirai, arguably the most destructive botnet out there. Aquabot allows its operators to run Distributed Denial of Service (DDoS) attacks.
This version also comes with a unique and uncommon feature that most likely serves to help threat actors track the health of the botnet. When a victim spots the malware on its device and tries to remove it, Aquabot will react and send the information about the attempt back to its command & control (C2) server.
The best way to defend against Aquabot and other Mirai variants is to keep the endpoints updated. Mitel patched this particular vulnerability in July 2024, so if you’re using these phones in your organization, make sure to apply the patch to mitigate any risks.
Mirai and its variants continue to wreak havoc across cyberspace. In the last 30 days alone, there have been multiple news reports of different Mirai variants being spotted in the wild. For example, researchers from Juniper recently warned about a Mirai variant in late December 2024, and in early January 2025, Chinese researchers discovered a variant of Mirai with an offensive name targeting industrial routers.
Via The Register
You might also like
https://cdn.mos.cms.futurecdn.net/j5nuKLHzdc57fYKR4rjqeR-1200-80.jpg
Source link
