Threat actors are exploiting command injection vulnerabilities in TBK DVR devices and end-of-life TP-Link routers to spread Mirai-based botnets like Nexcorium and Condi. These campaigns leverage CVE-2024-3721 and CVE-2023-33538 to gain unauthorized access, emphasizing the critical risk posed by unpatched IoT devices and legacy hardware.
The Nexcorium malware features sophisticated persistence methods, architecture flexibility, and lateral movement capabilities using brute-force attacks and older exploits. Security researchers warn that the reliance on default credentials and the lack of manufacturer support for EoL devices continue to provide attackers with easy entry points for launching large-scale DDoS attacks.
Top comments (0)