- Security Researchers Observe New Botnet Campaign Called Murdoc
- Its attacks target IP cameras and routers
- More than 1,000 devices identified as compromised
Cybersecurity researchers at Qualys Threat Research have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to create a botnet.
In a technical analysis, Qualys said the attackers primarily exploited CVE-2017-17215 and CVE-2024-7029 to compromise Huawei HG532 routers and AVTECH IP cameras respectively. The botnet is essentially Mirai, although in this case it has been nicknamed Murdoc.
Qualys said Murdoc demonstrated “enhanced capabilities, exploiting vulnerabilities to compromise devices and establish large botnets.”
The persevering Mirai
The campaign likely began in July 2024 and has so far managed to compromise 1,370 systems. Most of the victims are in Malaysia, Mexico, Thailand, Indonesia and Vietnam.
With a network of internet-connected devices (bots) under their control, bad actors can launch distributed denial-of-service (DDoS) attacks that take websites and services offline, disrupting operations and causing financial and reputational damage.
Mirai is a very popular botnet malware. Created by three students in the United States (Paras Jha, Josiah White and Dalton Norman), Mirai became infamous in 2016 after orchestrating a large-scale DDoS attack against Dyn, which temporarily disrupted major websites including Netflix and Twitter.
The creators posted the source code online, just before their arrest in 2017. They pleaded guilty to using the botnet for DDoS attacks and other schemes.
Although law enforcement continues to target and disrupt the botnet, it has shown great resilience and remains active to this day.
Less than two weeks ago, a Mirai variant named “gayfemboy” was discovered exploiting a bug in Four-Faith industrial routers. Although clearly derived from Mirai, this new version differs considerably, abusing more than 20 vulnerabilities and targeting weak Telnet passwords. Some of these vulnerabilities had never been observed before and do not yet have a CVE assigned; among them are bugs in Neterbit routers and Vimar smart home devices.