CyberSecurity news
FlagThis
@securityonline.info
//
GreyNoise has observed a significant surge, approximately three times the typical level, in exploitation attempts targeting TVT NVMS9000 DVRs. The peak of this activity occurred on April 3, 2025, with over 2,500 unique IP addresses involved in scanning for vulnerable devices. This vulnerability is an information disclosure flaw that allows attackers to gain administrative control over affected systems, essentially bypassing authentication and executing commands without restriction. Countless prior reports have identified the TVT NVMS9000 DVR as a target for botnet recruitment, including a GreyNoise update in early March 2025.
The exploitation activity is strongly suspected to be associated with the Mirai botnet, a notorious threat known for targeting vulnerabilities in IoT devices. GreyNoise has identified sufficient overlap with Mirai to support this attribution. Manufactured by TVT Digital Technology Co., Ltd., based in Shenzhen, the NVMS9000 DVRs are used in security and surveillance systems for recording, storing, and managing video footage from security cameras. The company reports serving customers in over 120 countries.
The majority of the malicious IP addresses involved in the exploitation attempts originate from the Asia-Pacific (APAC) region, specifically Taiwan, Japan, and South Korea. However, the top target countries are the United States, United Kingdom, and Germany. Organizations using the NVMS9000 DVR or similar systems are advised to take immediate action to secure their devices. Recommended mitigations include blocking known malicious IP addresses, applying all available patches, restricting public internet access to DVR interfaces, and closely monitoring network traffic for signs of unusual scanning or exploitation attempts.
ImgSrc: securityonline.
References :
The exploitation activity is strongly suspected to be associated with the Mirai botnet, a notorious threat known for targeting vulnerabilities in IoT devices. GreyNoise has identified sufficient overlap with Mirai to support this attribution. Manufactured by TVT Digital Technology Co., Ltd., based in Shenzhen, the NVMS9000 DVRs are used in security and surveillance systems for recording, storing, and managing video footage from security cameras. The company reports serving customers in over 120 countries.
The majority of the malicious IP addresses involved in the exploitation attempts originate from the Asia-Pacific (APAC) region, specifically Taiwan, Japan, and South Korea. However, the top target countries are the United States, United Kingdom, and Germany. Organizations using the NVMS9000 DVR or similar systems are advised to take immediate action to secure their devices. Recommended mitigations include blocking known malicious IP addresses, applying all available patches, restricting public internet access to DVR interfaces, and closely monitoring network traffic for signs of unusual scanning or exploitation attempts.
ImgSrc: securityonline.
Share:
References :
- The GreyNoise Blog: GreyNoise Observes 3X Surge in Exploitation Attempts Against TVT DVRs — Likely Mirai
- bsky.app: New Mirai botnet behind surge in TVT DVR exploitation
- BleepingComputer: New Mirai botnet behind surge in TVT DVR exploitation
- securityonline.info: TVT DVRs Under Siege: Massive Exploitation Attempts Expose Critical Flaw
- The DefendOps Diaries: Explore the resurgence of the Mirai botnet, its global impact, and advanced exploitation techniques targeting IoT devices.
- Cyber Security News: GreyNoise has detected a significant rise in exploitation attempts targeting TVT NVMS9000 DVRs, a line of digital video recorders primarily used in security and surveillance systems.
- www.scworld.com: Deluge of TVT DVR exploitation attempts likely due to Mirai-based botnet
- bsky.app: A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices.
- cyberpress.org: Mirai Botnet Variant Targets TVT DVRs to Seize Administrative Control
Classification:
- HashTags: #IoTsecurity #MiraiBotnet #DVRvulnerability
- Company: GreyNoise
- Target: TVT DVRs
- Attacker: Mirai
- Product: NVMS9000 DVRs
- Feature: Exploitation
- Malware: Mirai
- Type: Malware
- Severity: Major