Security News > 2021 > July > New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called "Mirai ptea" that leverages an undisclosed vulnerability in digital video recorders provided by KGUARD to propagate and carry out distributed denial-of-service attacks.

Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.

The Mirai botnet, since emerging on the scene in 2016, has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America.

Numerous variants of Mirai have sprung up on the threat landscape, in part due to the availability of its source code on the Internet.

Not much has been disclosed about the security flaw in an attempt to prevent further exploitation, but the researchers said the KGUARD DVR firmware had vulnerable code prior to 2017 that enabled remote execution of system commands without authentication.

Besides using Tor Proxy to communicate with the command-and-control server, an analysis of the mirai ptea sample revealed extensive encryption of all sensitive resource information, which is decoded to establish a connection with the C2 server and retrieve attack commands for execution, including launching DDoS attacks.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/GNF24HKcybw/new-mirai-inspired-botnet-could-be.html