Summary: A variant of the Mirai botnet, named Aquabot, is actively exploiting a medium-severity security flaw in Mitel phones (CVE-2024-41710) to create a network for launching DDoS attacks. The vulnerability allows command injection during the boot process and affects multiple Mitel phone series. Despite Mitel addressing the flaw, active exploitation attempts have been detected, indicating ongoing risks from the botnet and various vulnerabilities being targeted.
Affected: Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, Mitel 6970 Conference Unit
Keypoints :
- Active exploitation of CVE-2024-41710 has been occurring since early January 2025.
- Aquabot executes shell scripts to retrieve and install the botnet on infected devices.
- The botnet offers compromised hosts as a DDoS service on Telegram under various aliases.
- Threat actors mislead by claiming the botnet is solely for DDoS mitigation testing.
Source: https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html