CyberSecurity news

FlagThis

@www.bleepingcomputer.com //
A new Mirai botnet variant, named Aquabot, has emerged, actively exploiting a command injection vulnerability, identified as CVE-2024-41710, in Mitel SIP phones. This malware targets Mitel 6800, 6900, and 6900w series phones, including the 6970 Conference Unit, and is being used to construct a botnet for launching distributed denial-of-service (DDoS) attacks. The Aquabot malware utilizes a proof-of-concept code previously published to spread to vulnerable devices.

The Aquabot botnet stands out due to its novel ability to communicate with its command and control server when it detects a kill signal attempting to terminate the malware on an infected device. This behaviour is new for a Mirai variant, and could be a method for the botnet author to monitor its health. The exploit, discovered in January 2025, roughly six months after the vulnerability was publicly disclosed by Mitel, injects a shell script that downloads and executes the Mirai malware onto targeted systems.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • ciso2ciso.com: Aquabot Botnet Targeting Vulnerable Mitel Phones – Source: www.securityweek.com
  • ciso2ciso.com: A Mirai-based malware family, Aquabot, started targeting vulnerable Mitel SIP phones to build a botnet for DDoS attacks.
  • The Register: A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team.
  • go.theregister.com: Why is my Mitel phone DDoSing strangers?
  • Pyrzout :vm:: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet – Source: go.theregister.com
  • ciso2ciso.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • The Hacker News: New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
  • www.theregister.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • www.bleepingcomputer.com: New Aquabotv3 Botnet Malware Targets Mitel Command Injection Flaw
  • AAKL: The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
  • gbhackers.com: New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
  • securityaffairs.com: Aquabot, a new variant of Mirai-based malware, actively targeting Mitel SIP phones.
  • gbhackers.com: New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
  • BleepingComputer: New Aquabotv3 botnet malware targets Mitel command injection flaw
Classification:
  • HashTags: #Aquabot #Mitel #Botnet
  • Company: Mitel
  • Target: Mitel Phones
  • Product: Mitel SIP phones
  • Feature: command injection
  • Malware: Aquabot
  • Type: Malware
  • Severity: Major