1. Forum
  2. FidoNET
  3. CONSPRCY

  • Watch out, your office ph

    From Mike Powell@1:2320/105 to All on Friday, January 31, 2025 10:29:00
    Watch out, your office phone could be hijacked into a Mirai botnet

    Date:
    Thu, 30 Jan 2025 15:29:00 +0000

    Description:
    Hackers are abusing a flaw in Mitel phones to run DDoS attacks, report claims.

    FULL STORY

    Security researchers from Akamai have caught a new variant of the infamous Mirai botnet targeting business phone devices built by Mitel.

    Mitel provides business communication solutions, including VoIP , unified communications, and contact center services, but according to Akamai, the devices - namely Mitel 6800, 6900, and 6900w series of SIP desk phones, together with the 6970 Conference Unit, running on firmware R6.4.0.HF1 (R6.4.0.136) - are vulnerable to a command injection flaw tracked as CVE-2024-41710.

    This is a medium-severity bug (6.8/10) that allows an attacker to execute arbitrary commands within the context of the system.

    Reporting counter-attacks

    A threat actor took advantage of this flaw to deploy Aquabotv3, a new variant of Mirai, arguably the most destructive botnet out there. Aquabot allows its operators to run Distributed Denial of Service (DDoS) attacks.

    This version also comes with a unique and uncommon feature that most likely serves to help threat actors track the health of the botnet. When a victim spots the malware on its device and tries to remove it, Aquabot will react
    and send the information about the attempt back to its command & control (C2) server.

    The best way to defend against Aquabot and other Mirai variants is to keep
    the endpoints updated. Mitel patched this particular vulnerability in July 2024, so if youre using these phones in your organization, make sure to apply the patch to mitigate any risks.

    Mirai and its variants continue to wreak havoc across cyberspace. In the last 30 days alone, there have been multiple news reports of different Mirai variants being spotted in the wild. For example, researchers from Juniper recently warned about a Mirai variant in late December 2024, and in early January 2025, Chinese researchers discovered a variant of Mirai with an offensive name targeting industrial routers.

    Via The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-your-office-phone-could-be-hi jacked-into-a-mirai-botnet

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)