The Murdoc Botnet, a new variant of the Mirai malware, has been actively exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers. It has infected over 1300 systems, with a notable presence in Malaysia, Thailand, Mexico, and Indonesia, and relies on older exploits such as CVE-2024-7029 and CVE-2017-17215. The campaign is significant: 100 servers were found distributing the malware and compromising IP communication. It uses command-line injection to load malicious shell scripts onto IoT devices, and the compromised devices then join the botnet under the control of its C2 servers.
TPRM report: https://scoringcyber.rankiteo.com/company/netriseinc
"id": "net000012525",
"linkid": "netriseinc",
"type": "Vulnerability",
"date": "1/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Technology',
                        'location': ['Malaysia', 'Thailand', 'Mexico', 'Indonesia'],
                        'type': 'IoT Devices'}],
 'attack_vector': 'Exploiting vulnerabilities in IoT devices',
 'description': 'The Murdoc Botnet, a new variant of the Mirai malware, has been actively exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers. Infecting over 1300 systems, with a notable presence in Malaysia, Thailand, Mexico, and Indonesia, the botnet uses older exploits like CVE-2024-7029 and CVE-2017-17215. The campaign is significant, with 100 servers found distributing malware and compromising IP communication. It employs command-line injections to load malicious ShellScripts on IoT devices, enlarging its network through C2 servers.',
 'impact': {'systems_affected': 'Over 1300 systems'},
 'initial_access_broker': {'entry_point': 'Vulnerabilities in AVTECH IP cameras and Huawei HG532 routers'},
 'motivation': 'Distribute malware and compromise IP communication',
 'post_incident_analysis': {'root_causes': 'Exploitation of vulnerabilities in IoT devices'},
 'threat_actor': 'Murdoc Botnet',
 'title': 'Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers',
 'type': 'Malware',
 'vulnerability_exploited': ['CVE-2024-7029', 'CVE-2017-17215']}