Nexcorium Mirai Variant Weaponizes TBK DVR Flaw CVE-2024-3721 for DDoS Swarm
Original source: Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet (The Hacker News)
A fresh Mirai descendant dubbed Nexcorium is actively enlisting TBK-branded digital video recorders into a DDoS botnet by abusing CVE-2024-3721, a command injection weakness in the devices’ web management interface. Operators exploit the unauthenticated endpoint to drop architecture-specific payloads, then beacon out to command infrastructure that coordinates flood attacks against downstream targets.
The campaign underscores the enduring soft underbelly of consumer and SMB surveillance gear: exposed admin panels, stale firmware, and vendors slow to ship patches leave tens of thousands of devices ripe for conscription. Nexcorium’s operators have layered persistence tricks and anti-analysis checks over the familiar Mirai skeleton, extending the lineage that has fueled volumetric attacks since 2016.
Defenders running TBK DVRs or rebadged equivalents should assume exposure if the device is reachable from the internet. Pull units behind a firewall, block inbound access to management ports, apply vendor firmware where available, and hunt for outbound traffic to known Mirai-family C2 patterns.
This is an AI-generated summary. Read the original for the full story.