New Mirai-Inspired Botnet Could Be Using Your KGUARD DVRs in Cyber Attacks

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.

Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.

Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.

Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.

Besides using Tor Proxy to communicate with the command-and-control (C2) server, an analysis of the mirai_ptea sample revealed extensive encryption of all sensitive resource information, which is decoded to establish a connection with the C2 server and retrieve attack commands for execution, including launching DDoS attacks.

“The geographic distribution of bot source IPs is […] mainly concentrated in the United States, Korea and Brazil,” the researchers noted, with infections reported across Europe, Asia, Australia, North and South America, and parts of Africa.

Source: https://thehackernews.com/2021/07/new-mirai-inspired-botnet-could-be.html