New Murdoc botnet targets AVTECH cameras and Huawei routers for large-scale DDoS attacks

A new variant of the Mirai malware has been discovered that targets vulnerabilities in AVTECH cameras and Huawei routers. Spotted by cybersecurity firm Qualys, the new strain, dubbed Murdoc Botnet, has been actively infecting devices for the past six months, impacting thousands of IP addresses globally.

The Murdoc Botnet exploits known vulnerabilities in AVTECH IP cameras and Huawei HG532 routers to gain access to these devices and ensnare them in a vast network of compromised systems. According to Qualys, at least 1,300 active IP addresses have been involved in the campaign since it began in mid-2024. The infected devices are being used to execute large-scale Distributed Denial-of-Service (DDoS) attacks, disrupting services and causing significant network congestion.

The malware leverages vulnerabilities such as CVE-2024-7029 and CVE-2017-17215, which allow attackers to breach the IoT devices remotely. Once a device is compromised, it is used to fetch and install additional payloads, including ELF binaries and shell scripts.

The Murdoc Botnet has been active since July 2024, particularly in regions such as Malaysia, Thailand, Mexico, and Indonesia. The botnet operates through an extensive network of over 100 command-and-control servers, which are used to manage the compromised devices and push new updates to the malware.
