Aquabot v3: The Botnet That Won’t Stop Bugging Mitel SIP Phones!

Aquabot variant v3 is after Mitel SIP phones, dragging them into its DDoS botnet shenanigans. This third version introduces signal-based communication and targets the CVE-2024-41710 flaw. Despite its stealthy ambitions, Aquabot’s noise level might be its undoing. Mitel fans, update those firmware versions or risk joining the botnet circus!

Hot Take:

“Aquabot v3 is the cyber world’s equivalent of a teenager going through an identity crisis—it’s still Mirai at heart but trying hard to stand out with new tricks, targeting poor Mitel SIP phones like they’re the cool kids at school.”

Key Points:

  • Aquabot v3 is a new Mirai-based botnet variant targeting Mitel SIP phones via a command injection vulnerability.
  • The vulnerability, CVE-2024-41710, affects Mitel 6800, 6900, and 6900w series SIP phones.
  • Akamai researchers first observed this variant in January 2025, following a PoC exploit release in 2024.
  • Aquabot v3 is marketed as DDoS-as-a-service under misleading names, disguising its true malicious intent.
  • The threat actor’s unique signal handling suggests an attempt to observe and adapt to defensive mechanisms.
