CyberSecurity news
@www.bleepingcomputer.com
A new Mirai botnet variant, named Aquabot, has emerged and is actively exploiting a command injection vulnerability, tracked as CVE-2024-41710, in Mitel SIP phones. The malware targets Mitel 6800, 6900, and 6900w series phones, including the 6970 Conference Unit, and is being used to build a botnet for launching distributed denial-of-service (DDoS) attacks. Aquabot uses previously published proof-of-concept code to spread to vulnerable devices.
The Aquabot botnet stands out for its novel ability to communicate with its command-and-control server when it detects a kill signal attempting to terminate the malware on an infected device. This behaviour is new for a Mirai variant and could be a way for the botnet author to monitor the botnet's health. The exploit, discovered in January 2025, roughly six months after Mitel publicly disclosed the vulnerability, injects a shell script that downloads and executes the Mirai malware on targeted systems.
References:
- ciso2ciso.com: Aquabot Botnet Targeting Vulnerable Mitel Phones – Source: www.securityweek.com
- ciso2ciso.com: A Mirai-based malware family, Aquabot, started targeting vulnerable Mitel SIP phones to build a botnet for DDoS attacks.
- The Register: A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team.
- go.theregister.com: Why is my Mitel phone DDoSing strangers?
- Pyrzout: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet – Source: go.theregister.com
- ciso2ciso.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
- The Hacker News: New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks
- www.theregister.com: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
- www.bleepingcomputer.com: New Aquabotv3 Botnet Malware Targets Mitel Command Injection Flaw
- AAKL: The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
- gbhackers.com: New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability
- securityaffairs.com: Aquabot, a new variant of Mirai-based malware, actively targeting Mitel SIP phones.
- BleepingComputer: New Aquabotv3 botnet malware targets Mitel command injection flaw
Classification:
- HashTags: #Aquabot #Mitel #Botnet
- Company: Mitel
- Target: Mitel Phones
- Product: Mitel SIP phones
- Feature: command injection
- Malware: Aquabot
- Type: Malware
- Severity: Major