Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

New Mirai botnet targets TP-Link and Teltonika devices

Through command injection, attackers can fetch malware binaries hosted on external servers, facilitating the addition of compromised devices to the botnet

byKerem Gülen
December 25, 2024
in News, Cybersecurity
Home News
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A new Mirai-based botnet exploits vulnerabilities in several devices, focusing on unpatched DigiEver DS-2105 Pro NVRs, dated firmware on TP-Link routers, and Teltonika RUT9XX routers. The campaign commenced in October, with active exploitation traced back as far as September. Akamai researchers have confirmed ongoing attacks, which leverage multiple remote code execution flaws to enlist devices into the botnet for malicious activities.

New Mirai botnet exploits vulnerabilities in various devices

The botnet targets a specific remote code execution (RCE) vulnerability in DigiEver NVRs, which involves improper input validation in the ‘/cgi-bin/cgi_main.cgi’ URI. Hackers can remotely inject commands such as ‘curl’ and ‘chmod’ through parameters like the ntp field in HTTP POST requests. Ta-Lun Yen from TXOne previously highlighted this vulnerability, noting its impact on various DVR devices during a presentation at the DefCamp security conference.

In addition to the DigiEver flaw, the Mirai variant also exploits CVE-2023-1389 in TP-Link devices and CVE-2018-17532 in Teltonika RUT9XX routers. Researchers have noted that while the attacks on DigiEver devices have been directly observed by Akamai, they reflect similar methods previously described by Yen. The exploitation of these flaws supports a campaign aiming to establish a foothold in vulnerable devices.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Using TP-Link? Here’s why the U.S. may ban your router


Methodology and techniques used by attackers

Through command injection, attackers can fetch malware binaries hosted on external servers, facilitating the addition of compromised devices to the botnet. Once under control, the devices can be utilized to launch distributed denial of service (DDoS) attacks or facilitate further attacks on other targets. Persistence within the infected systems is maintained by introducing cron jobs, which ensure that the malware remains active despite potential reboots or other interruptions.

Akamai’s findings highlight that this new Mirai variant features advanced encryption methods, including XOR and ChaCha20, indicating evolving tactics among botnet operators. Unlike many previous iterations of Mirai, which relied on basic string obfuscation, this variant showcases an intent to improve evasion and operational security. It targets a diverse range of architectures, including x86, ARM, and MIPS, broadening its potential impact across various device types.

Akamai researchers urge device owners and administrators to adopt proactive measures, including monitoring for indicators of compromise (IoC), that they have made available along with Yara rules for detecting and blocking the emerging threat.


 

Featured image credit: Kerem Gülen/Midjourney  

Tags: tp-link

Related Posts

Samsung confirms One UI 9 Beta 4 release for next week

Samsung confirms One UI 9 Beta 4 release for next week

July 6, 2026
Sony to keep producing discs for pre-2028 PlayStation games

Sony to keep producing discs for pre-2028 PlayStation games

July 6, 2026
$TRUMP memecoin investors face .8 billion in losses

$TRUMP memecoin investors face $3.8 billion in losses

July 6, 2026
Tesla brings long-wheelbase Model Y to the US

Tesla brings long-wheelbase Model Y to the US

July 3, 2026
Opera adds protection against copy-paste ClickFix attacks

Opera adds protection against copy-paste ClickFix attacks

July 3, 2026
Cloudflare will block AI crawlers unless sites opt in

Cloudflare will block AI crawlers unless sites opt in

July 3, 2026

LATEST NEWS

Samsung confirms One UI 9 Beta 4 release for next week

Sony to keep producing discs for pre-2028 PlayStation games

$TRUMP memecoin investors face $3.8 billion in losses

Tesla brings long-wheelbase Model Y to the US

Opera adds protection against copy-paste ClickFix attacks

Cloudflare will block AI crawlers unless sites opt in

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Kaiber

KitchenGPT

Dupdub

Solvely

Typecast

Swimm

Instantchapters

Intellectia

ZipWP

Copyleaks – Plagiarism detector

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.