A Mirai botnet the option that is named Aquatato An active attempt to use medium -speed security deficiency has been noted that Mitel’s phones to go into the network capable of installing common service refusal attacks (DDOS).
Vulnerability in question Cve-2024-41710 (CVSS assessment: 6.8), the case of team introduction during the download process, which can allow malicious actors to perform arbitrary commands in the context of the phone.
This affects the Mitel 6800 series, the 6900 series, the 6900 W SIP series and the Mitel 6970 conference. It was address In mid -July 2024 mitteels. Publicly available In August.
Outside the CVE-2024-41710, some other vulnerabilities focused on the Botnet Remote Code Fulfillment, focused on Linksys E-Series device.
“Aquabot-it’s botnet, which was built as part of Mirai with the ultimate purpose of distributed service (DDOS),” Akama Kyle Lofton and Larry Cashdolar. – Note. “It was know Since November 2023 “
Web Infrastructure said an active operation against CVE-2024-41710 has been revealed since the beginning of January 2025, and the attacks reflect a “useful load, almost identical to POC to expand the Botnet malicious software.
The attack involves the execution of the shell script, which in turn uses the “WGET” command to obtain Aquabot for different processor architectures.
The Aquabot Mirai variant, noticed in the attack, was evaluated by the third malware. However, sending this information has not been revealed that it does not call any response from the server to date.
This new version, in addition to launching the C2 communication when detecting certain signals, is renamed “httpd.x86” to avoid attracting attention and programmed to stop the processes that meet certain requirements, such as local shells. It is suspected that the features of signaling is probably included to create more hidden options or reveal harmful activity from competing botnet.
There are several evidence that suggests that the threats behind the Aquabot are offering a network of violated hosts as a DDOS service on Telegram under firewall cursinq cursinq, servicees Eye and The Eye Botnet.
Develop-is a sign that Mirai continues to build a wide range of devices connected to the Internet that often do not have proper security features, either reached the end of life or remain available with default configuration and passwords, making them ripe with low fruit For operation and key channel for DDOS attacks.
“The threatening actors usually claim that Botnet is only used for DDOS testing to try to mislead researchers or law enforcement,” the researchers said.
“The threatening actors will claim that it is just a POC or something educational, but a deeper analysis shows that they actually advertise DDOS as a service, or owners boast their own botnets on telegram.”
