- GreyNoise says scans for vulnerable TVT DVRs have spiked
- Over 2,500 unique IP addresses were hunting at one point
- A 2024 vulnerability allows threat actors to execute administrative commands on the device
Mirai botnet operators are actively hunting for vulnerable TVT DVRs to assimilate into the malicious network, cybersecurity researchers at GreyNoise revealed after observing a spike in exploitation attempts.
In May 2024, security researchers at SSD Secure Disclosure reported a vulnerability affecting NVMS9000 DVRs built by the Shenzhen-based manufacturer TVT Digital Technology. The vulnerability has been described as an authentication bypass, allowing threat actors to execute administrative commands on the device.
All versions prior to 1.3.4 were said to be affected, but a fix has been published, and versions 1.3.4 and later are no longer vulnerable.
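A defender can turn that version boundary into an inventory check. The following is an added example, not code from the article or from GreyNoise. The CSV columns, host names and firmware string formats are assumptions made for illustration, and the sample inventory is constructed.

```python
import csv
import io
import re

FIXED = (1, 3, 4)  # first version the article reports as not vulnerable

# Constructed sample inventory; hosts and version strings are illustrative.
SAMPLE_INVENTORY = """host,model,firmware
dvr-lobby,NVMS9000,1.3.3
dvr-dock,NVMS9000,v1.3.4
dvr-lab,NVMS9000,1.2
dvr-gate,NVMS9000,1.10.0-build2201
dvr-roof,NVMS9000,unknown
cam-01,OtherCam,0.9.0
"""

# Optional "v" prefix, then a dotted run of integers; any suffix is ignored.
_VERSION_RE = re.compile(r"^[vV]?(\d+(?:\.\d+)*)")

def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions so "1.2" compares as 1.2.0.
    return parts + (0,) * (len(FIXED) - len(parts))

def triage(inventory_csv, model="NVMS9000"):
    """Map host -> 'vulnerable' | 'patched' | 'review' for devices of one model."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip().upper() != model:
            continue
        version = parse_version(row["firmware"])
        if version is None:
            result[row["host"]] = "review"  # unknown firmware is not assumed safe
        elif version < FIXED:  # numeric tuple compare, so 1.10.0 > 1.3.4
            result[row["host"]] = "vulnerable"
        else:
            result[row["host"]] = "patched"
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices marked `review` need a manual firmware check before they can be treated as patched.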
“No hosted malware”
Users who do not keep up with updates and did not patch their systems in time are now at risk. GreyNoise said the activity peaked on April 3, with more than 2,500 IP addresses scanning for vulnerable devices. It is not known how many of these DVRs there are, or how large the attack surface is.
The researchers said the malware deployed on the DVRs is linked to Mirai, one of the most infamous botnets in the history of cybersecurity. Mirai generally targets smart devices, Internet of Things (IoT) devices and other internet-connected hardware, and is used to carry out distributed denial-of-service (DDoS) attacks.
GreyNoise said that over the past 30 days it had recorded 6,600 unique IP addresses associated with this activity. All of the addresses have been confirmed as malicious. They mainly came from Taiwan, Japan and South Korea, and targeted devices in the United States, the United Kingdom and Germany.
Mirai operators have been quite active this year. In mid-January, news broke that they were targeting vulnerable industrial routers with a zero-day. A few weeks later, Akamai security researchers said they had caught a new variant of the botnet targeting commercial phone devices built by Mitel.
Via BleepingComputer




