Aquabot Attack: Mitel SIP Phones Face New Mirai Malware Threat!

Akamai reports that Aquabot, a Mirai-based malware, is targeting Mitel SIP phones via a command injection vulnerability, CVE-2024-41710. Despite firmware updates, Aquabot’s antics continue, using HTTP POST requests to bypass sanitization checks and launch DDoS attacks. It’s like the phones joined a botnet flash mob, and nobody sent the memo!

3P
Published: January 29, 2025 12:21 pmAdded: January 29, 2025 at 4:47 amAssembled by: The Editor
Pro Dashboard

Hot Take:

It seems like Mitel SIP phones have become the latest hot commodity for cyber crooks aiming to build their own botnet empire. Who knew that your conference call device could be moonlighting as a DDoS attack agent? Just when you thought your office phone couldn’t be any more annoying, it starts helping hackers crash websites. Talk about a hostile takeover!

Key Points:

  • Aquabot malware is targeting Mitel SIP phones using a Mirai-based approach.
  • The exploit uses CVE-2024-41710, a vulnerability in Mitel SIP phones, to carry out DDoS attacks.
  • Firmware updates to patch the vulnerability were released by Mitel in July 2024.
  • Initial exploitation attempts were observed by Akamai in January 2025.
  • Aquabot is also targeting other vulnerabilities in Hadoop YARN, Roxy-WI, and various routers.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?