Cybersecurity researchers on Thursday revealed details about a new Mirai-inspired botnet called “mirai_ptea” that leverages an undisclosed vulnerability in digital video recorders (DVR) provided by KGUARD to propagate and carry out distributed denial-of-service (DDoS) attacks.
Chinese security firm Netlab 360 pinned the first probe against the flaw on March 23, 2021, before it detected active exploitation attempts by the botnet on June 22, 2021.
The Mirai botnet, since emerging on the scene in 2016, has been linked to a string of large-scale DDoS attacks, including one against DNS service provider Dyn in October 2016, causing major internet platforms and services to remain inaccessible to users in Europe and North America.
Since then, numerous variants of Mirai have sprung up on the scene, in part due to the availability of its source code on the Internet. Mirai_ptea is no exception.
Not much has been disclosed about the security flaw in an attempt to prevent further exploitation, but the researchers said the KGUARD DVR firmware had vulnerable code prior to 2017 that enabled remote execution of system commands without authentication. At least approximately 3,000 devices…