https://www.akamai.com/blog/security-research/2024-corona-mirai-botnet-infects-zero-day-sirt

A critical zero-day vulnerability in AVTECH IP cameras is being weaponized to spread the notorious Mirai botnet, posing a serious threat to industrial control systems and critical infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in early August about the remote code execution (RCE) vulnerability, which has now been exploited to infect vulnerable devices with Mirai cryptominer malware.

Researchers at Akamai discovered that the Mirai botnet campaign leveraged a variety of known vulnerabilities but focused primarily on the zero-day command injection flaw in AVTECH CCTV cameras (CVE-2024-7029). Although the affected camera models have been discontinued, they remain widely deployed in critical infrastructure sectors.

Due to the lack of a patch, operators are urged to physically remove and replace the vulnerable devices with more secure alternatives. “If there is no way to remediate a threat, decommissioning the hardware and software is the recommended way to mitigate security risks,” Akamai researchers advised.

The CISA advisory highlighted the widespread use of AVTECH IP cameras across critical infrastructure, including commercial facilities, financial services, healthcare, and public health.

Akamai’s researchers emphasized the growing trend of threat actors exploiting vulnerabilities before they are publicly disclosed. “A vulnerability without a formal CVE assignment may still pose a significant threat to your organization,” they stated. “Malicious actors who operate these botnets have been using new or under-the-radar vulnerabilities to proliferate malware.”