DigiEver Fix That IoT Thing!
Essential information
- Published
- 27/12/2024 14:20
- Modified
- 27/12/2024 14:22
- Tags
- 2024-12-27 digiever iot mirai tp-link
- Related entities
- 32 observables, 3 techniques (mitre), 1 malware
Description
In mid-November 2024, the Akamai SIRT discovered an uptick in activity targeting the URI /cgi-bin/cgi_main.cgi in our global network of honeypots. This activity appears to be part of a recent ongoing Mirai-based malware campaign dating back to at least October 2024. Further investigation into this campaign revealed a new botnet that calls itself the “Hail C*ck Botnet” that’s been active since at least September 2024. Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.