Kaspersky GReAT specialists have discovered a new modification of the Mirai botnet that actively attacks digital video recorders (DVRs) in Russia and other countries. The malware exploits the CVE-2024-3721 vulnerability, allowing attackers to seize devices and include them in the botnet.
The new version has key features:
- Bypassing analysis tools: the botnet recognizes virtual machines and emulators, making it difficult to study.
- Focus on DVR devices: video recorders are often used in security systems, making them valuable targets.
- Global scale: experts have identified more than 50,000 vulnerable devices worldwide.
Many of these bots are constantly looking for new devices to infect — this is done using flaws that have not been promptly eliminated in IoT devices and servers. After analyzing open sources, as part of the new campaign, we discovered more than 50,000 vulnerable digital video recorders in various countries on the network. This suggests that the discovered version of Mirai has many potential targets for attacks.
Kaspersky recommends:
- Change default passwords to complex combinations.
- Regularly update device firmware.
- Disable remote access if it is not needed.
- Monitor network activity for anomalies.
The Mirai botnet has been known since 2016, when its source code was published in open source. Since then, it has been repeatedly modified, and its new versions are becoming increasingly difficult to detect.
Read more on the topic:
A comprehensive cybersecurity service is planned to be launched by the provider Rostelecom
New servers from the company "Мультиллект" shown at CIPR-2025
Espionage and complex cyberattacks: how hacker attacks on industry and telecom have changed
