Mitel SIP phones were attacked by Aquabotv3, a Mirai-based botnet variant, which targeted a vulnerability (CVE-2024-41710) across several models, including the 6970 Conference Unit up to firmware version R6.4.0.HF1. The attack allowed Aquabotv3 to recruit the phones into a DDoS botnet, potentially disrupting communications. Mitel had issued firmware updates to address the issue, but the emergence of PoC exploit code and the subsequent attack highlight the ongoing threat to IoT devices. The attack could lead to operational disruptions and compromise the confidentiality and integrity of communications.
Source: https://securityaffairs.com/173607/breaking-news/aquabot-variant-v3-targets-mitel-sip-phones.html
TPRM report: https://scoringcyber.rankiteo.com/company/mitel
"id": "mit000013025",
"linkid": "mitel",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Telecommunications',
                        'name': 'Mitel',
                        'type': 'Company'}],
 'attack_vector': 'Firmware Vulnerability (CVE-2024-41710)',
 'description': 'Mitel SIP phones experienced a variant of Mirai-based '
                'Aquabotv3 botnet attack, targeting a vulnerability '
                '(CVE-2024-41710) across several models, including the 6970 '
                'Conference Unit up to firmware version R6.4.0.HF1. This '
                'attack allowed Aquabotv3 to recruit the phones into a DDoS '
                'botnet potentially disrupting communications. Mitel had '
                'issued firmware updates to address this issue, but the '
                'emergence of PoC exploit code and subsequent attack '
                'highlights the ongoing threat to IoT devices. The attack '
                'could lead to operational disruptions and compromise the '
                'confidentiality and integrity of communications.',
 'impact': {'operational_impact': 'Potential operational disruptions',
            'systems_affected': 'Mitel SIP phones, including the 6970 '
                                'Conference Unit up to firmware version '
                                'R6.4.0.HF1'},
 'initial_access_broker': {'entry_point': 'Firmware Vulnerability '
                                          '(CVE-2024-41710)'},
 'motivation': 'DDoS Botnet Recruitment',
 'post_incident_analysis': {'corrective_actions': 'Firmware updates',
                            'root_causes': 'Firmware Vulnerability '
                                           '(CVE-2024-41710)'},
 'response': {'remediation_measures': 'Firmware updates'},
 'threat_actor': 'Aquabotv3',
 'title': 'Mitel SIP Phones Aquabotv3 DDoS Botnet Attack',
 'type': 'DDoS Botnet',
 'vulnerability_exploited': 'CVE-2024-41710'}