Summary: A new variant of the Mirai-based botnet malware, Aquabotv3, is exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. Discovered by Akamai’s SIRT, this variant demonstrates unusual behavior by reporting back kill attempts to its command-and-control server. Mitel has released fixes for the vulnerability, but attacks targeting it have already been documented.
Affected: Mitel SIP Phones (6800 Series, 6900 Series, 6900w Series)
Key points:
- Aquabotv3 is the third variant of the Aquabot malware family, focusing on exploiting command injection vulnerabilities in Mitel SIP phones.
- The malware utilizes a known proof-of-concept to execute arbitrary commands and can propagate to other vulnerable devices on the same network.
- Akamai has provided indicators of compromise (IoCs) and detection rules to help identify and mitigate threats from Aquabotv3.