FlagThis

CyberSecurity updates
2025-02-23 21:24:22 Pacfic
bleepingcomputer.com
Aquabot botnet exploits Mitel SIP flaws - 24d
Read more: www.bleepingcomputer.com

A new Mirai botnet variant, named Aquabot, has emerged, actively exploiting a command injection vulnerability, identified as CVE-2024-41710, in Mitel SIP phones. This malware targets Mitel 6800, 6900, and 6900w series phones, including the 6970 Conference Unit, and is being used to construct a botnet for launching distributed denial-of-service (DDoS) attacks. The Aquabot malware utilizes a proof-of-concept code previously published to spread to vulnerable devices.

The Aquabot botnet stands out due to its novel ability to communicate with its command and control server when it detects a kill signal attempting to terminate the malware on an infected device. This behaviour is new for a Mirai variant, and could be a method for the botnet author to monitor its health. The exploit, discovered in January 2025, roughly six months after the vulnerability was publicly disclosed by Mitel, injects a shell script that downloads and executes the Mirai malware onto targeted systems.

Original img attribution: https://www.bleepstatic.com/content/hl-images/2025/01/29/0_aquabot.jpg
ImgSrc: www.bleepstatic.com
References:
  • ciso2ciso.com - Aquabot Botnet Targeting Vulnerable Mitel Phones – Source: www.securityweek.com - 24d
  • CISO2CISO.COM & CYBER SECURITY GROUP - A Mirai-based malware family, Aquabot, started targeting vulnerable Mitel SIP phones to build a botnet for DDoS attacks. - 24d
  • @theregister - A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Te - 24d
  • go.theregister.com - Why is my Mitel phone DDoSing strangers? - 24d
  • @jos1264 - Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet – Source: go.theregister.com - 24d
  • ciso2ciso.com - Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet - 24d
  • The Hacker News - New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks - 24d
  • www.theregister.com - Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet - 24d
  • www.bleepingcomputer.com - New Aquabotv3 Botnet Malware Targets Mitel Command Injection Flaw - 23d
  • @AAKL - The Register: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet - 23d
  • gbhackers.com - New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability - 23d
  • Security Affairs - Aquabot, a new variant of Mirai-based malware, actively targeting Mitel SIP phones. - 23d
  • GBHackers Security | #1 Globally Trusted Cyber Security News Platform - New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability - 23d
  • @BleepingComputer - New Aquabotv3 botnet malware targets Mitel command injection flaw - 23d

Classification:
  • HashTags: Aquabot Mitel Botnet
  • Company: Mitel
  • Target: Mitel Phones
  • Product: Mitel SIP phones
  • Feature: command injection
  • Type: Malware
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.