A new variant of the notorious Mirai malware, dubbed "Murdoc Botnet," has emerged as a serious threat to Internet of Things (IoT) devices worldwide. Security researchers at Qualys have uncovered an extensive operation that specifically targets Avtech cameras and Huawei HG532 routers.
The campaign, which began in July 2024, has already infected over 1,300 devices, primarily in Malaysia, Thailand, Mexico, and Indonesia. Researchers identified more than 100 distinct servers involved in distributing the malware and maintaining communication with compromised devices.
Technical Details
Murdoc Botnet exploits two major vulnerabilities:
- CVE-2024-7029: Affects Avtech cameras, allowing unauthorized command injection
- CVE-2017-17215: A remote code execution flaw in Huawei routers
The attack typically begins with the exploitation of these vulnerabilities to download malicious payloads. Researchers discovered over 500 samples containing malicious ELF files and shell scripts that are deployed onto targeted devices.
Global Impact
This new threat comes amid a larger wave of DDoS attacks affecting organizations across North America, Europe, and Asia. A parallel campaign, combining elements of Mirai and Bashlite malware, has been targeting major corporations and banks since late 2024.
Protection Measures
Security experts recommend several defensive strategies:
- Regular monitoring of network traffic and suspicious processes
- Blocking specific IP addresses and protocols using firewalls
- Implementing traffic filtering at network edges
- Setting connection limits per IP address
- Conducting real-time monitoring of high-volume connections
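The last two measures above, sketched as an added example (not code from Qualys or the original article): a sliding-window counter that flags any source opening more new connections than a limit allows. The log format, addresses, limit and window are constructed assumptions, and records are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed flow records: "<ISO-8601 time> <src_ip> <dst_ip>:<dst_port>".
# Format and addresses (RFC 5737 documentation ranges) are assumptions.
SAMPLE_LOG = """\
2025-01-20T10:00:00 192.0.2.10 198.51.100.5:80
2025-01-20T10:00:01 192.0.2.10 198.51.100.5:80
2025-01-20T10:00:01 192.0.2.20 198.51.100.5:443
2025-01-20T10:00:02 192.0.2.10 198.51.100.5:80
2025-01-20T10:00:03 192.0.2.10 198.51.100.5:80
not a flow record
2025-01-20T10:00:04 192.0.2.10 198.51.100.5:80
2025-01-20T10:00:30 192.0.2.20 198.51.100.5:443
2025-01-20T10:00:31 192.0.2.10 198.51.100.5:80
"""

def parse_line(line):
    """Return (timestamp, src_ip), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1]
    except ValueError:
        return None

def find_noisy_sources(lines, max_conns=4, window_seconds=10):
    """Map each source IP that exceeded max_conns new connections inside
    the sliding window to the peak count observed in one window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed input instead of aborting the scan
        ts, src = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:  # expire events older than the window
            q.popleft()
        if len(q) > max_conns:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

print(find_noisy_sources(SAMPLE_LOG.splitlines()))
```

The same limit and window can then be used to set a per-IP connection limit on the edge firewall once a baseline for normal clients is known.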
The emergence of Murdoc Botnet underscores the continuing evolution of Mirai-based threats, which have remained active since the original malware's source code leaked in 2016. Organizations are advised to strengthen their security posture against these sophisticated IoT-targeted attacks.