Mitel

Mitel SIP phones were attacked by the Mirai-based Aquabotv3 botnet variant, which targeted a vulnerability (CVE-2024-41710) across several models, including the 6970 Conference Unit, up to firmware version R6.4.0.HF1. The attack allowed Aquabotv3 to recruit the phones into a DDoS botnet, potentially disrupting communications. Mitel had issued firmware updates to address the issue, but the emergence of PoC exploit code and the subsequent attack highlight the ongoing threat to IoT devices. The attack could lead to operational disruptions and compromise the confidentiality and integrity of communications.

Source: https://securityaffairs.com/173607/breaking-news/aquabot-variant-v3-targets-mitel-sip-phones.html

TPRM report: https://scoringcyber.rankiteo.com/company/mitel

"id": "mit000013025",
"linkid": "mitel",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Telecommunications',
                        'name': 'Mitel',
                        'type': 'Company'}],
 'attack_vector': 'Firmware Vulnerability (CVE-2024-41710)',
 'description': 'Mitel SIP phones experienced a variant of Mirai-based '
                'Aquabotv3 botnet attack, targeting a vulnerability '
                '(CVE-2024-41710) across several models, including the 6970 '
                'Conference Unit up to firmware version R6.4.0.HF1. This '
                'attack allowed Aquabotv3 to recruit the phones into a DDoS '
                'botnet potentially disrupting communications. Mitel had '
                'issued firmware updates to address this issue, but the '
                'emergence of PoC exploit code and subsequent attack '
                'highlights the ongoing threat to IoT devices. The attack '
                'could lead to operational disruptions and compromise the '
                'confidentiality and integrity of communications.',
 'impact': {'operational_impact': 'Potential operational disruptions',
            'systems_affected': 'Mitel SIP phones, including the 6970 '
                                'Conference Unit up to firmware version '
                                'R6.4.0.HF1'},
 'initial_access_broker': {'entry_point': 'Firmware Vulnerability '
                                          '(CVE-2024-41710)'},
 'motivation': 'DDoS Botnet Recruitment',
 'post_incident_analysis': {'corrective_actions': 'Firmware updates',
                            'root_causes': 'Firmware Vulnerability '
                                           '(CVE-2024-41710)'},
 'response': {'remediation_measures': 'Firmware updates'},
 'threat_actor': 'Aquabotv3',
 'title': 'Mitel SIP Phones Aquabotv3 DDoS Botnet Attack',
 'type': 'DDoS Botnet',
 'vulnerability_exploited': 'CVE-2024-41710'}