Kaspersky GReAT specialists have discovered a new modification of the Mirai botnet, which is actively attacking digital video recorders (DVRs) in Russia and other countries. The malware exploits the CVE-2024-3721 vulnerability, allowing attackers to seize devices and include them in the botnet.
The new version has key features:
- Bypassing analysis tools: the botnet recognizes virtual machines and emulators, making it difficult to study.
- Focus on DVR devices: video recorders are often used in security systems, making them valuable targets.
- Global scale: experts have identified more than 50,000 vulnerable devices worldwide.
Many such bots are constantly looking for new devices to infect - this uses shortcomings that have not been promptly addressed in IoT devices and servers. After analyzing open sources, as part of the new campaign, we discovered more than 50 thousand vulnerable digital video recorders in various countries on the network. This suggests that the discovered version of Mirai has many potential targets for attacks.
Kaspersky recommends:
- Change default passwords to strong combinations.
- Regularly update device firmware.
- Disable remote access if it is not needed.
- Monitor network activity for anomalies.
The Mirai botnet has been known since 2016, when its source code was published in open access. Since then, it has been repeatedly modified, and its new versions are becoming increasingly difficult to detect.
Read more on this topic:
Rostelecom Provider Plans to Launch a Comprehensive Cybersecurity Service
New Servers from Multillekt Company Shown at CIPR-2025
Espionage and Complex Cyberattacks: How Hacking Attacks on Industry and Telecom Have Changed
