By Nermeen Nabil Khear 
- A vulnerability in Mitel phones is being abused once again
- Hackers are using the bug to deploy a variant of Mirai and run DDoS attacks
- The variant is called Aquabot and comes with a few unique features
Security researchers from Akamai have caught a new variant of the infamous Mirai botnet targeting business phone devices built by Mitel.
Mitel provides business communication solutions, including VoIP, unified communications, and contact center services, but according to Akamai, the devices – namely Mitel 6800, 6900, and 6900w series of SIP desk phones, together with the 6970 Conference Unit, running on firmware R6.4.0.HF1 (R6.4.0.136) – are vulnerable to a command injection flaw tracked as CVE-2024-41710.
This is a medium-severity bug (6.8/10) that allows an attacker to execute arbitrary commands within the context of the system.
Reporting counter-attacks
A threat actor took advantage of this flaw to deploy Aquabotv3, a new variant of Mirai, arguably the most destructive botnet out there. Aquabot allows its operators to run Distributed Denial of Service (DDoS) attacks.
This version also comes with a unique and uncommon feature that most likely serves to help threat actors track the health of the botnet. When a victim spots the malware on its device and tries to remove it, Aquabot will react and send the information about the attempt back to its command & control (C2) server.
The best way to defend against Aquabot and other Mirai variants is to keep the endpoints updated. Mitel patched this particular vulnerability in July 2024, so if you’re using these phones in your organization, make sure to apply the patch to mitigate any risks.
Mirai and its variants continue to wreak havoc across cyberspace. In the last 30 days alone, there have been multiple news reports of different Mirai variants being spotted in the wild. For example, researchers from Juniper recently warned about a Mirai variant in late December 2024, and in early January 2025, Chinese researchers discovered a variant of Mirai with an offensive name targeting industrial routers.
Via The Register
You might also like
- Industrial routers are being hit by zero-days from new Mirai botnets
- Here’s a list of the best antivirus software
- These are the best DDoS protection services
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.