TZUTC: -0500   
   MSGID: 30.consprcy@1:2320/105 2c022493   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Watch out, your office phone could be hijacked into a Mirai botnet   
      
   Date:   
   Thu, 30 Jan 2025 15:29:00 +0000   
      
   Description:   
   Hackers are abusing a flaw in Mitel phones to run DDoS attacks, report claims.   
      
   FULL STORY   
      
   Security researchers from Akamai have caught a new variant of the infamous   
   Mirai botnet targeting business phone devices built by Mitel.    
      
   Mitel provides business communication solutions, including VoIP , unified   
   communications, and contact center services, but according to Akamai, the   
   devices - namely Mitel 6800, 6900, and 6900w series of SIP desk phones,   
   together with the 6970 Conference Unit, running on firmware R6.4.0.HF1   
   (R6.4.0.136) - are vulnerable to a command injection flaw tracked as   
   CVE-2024-41710.    
      
   This is a medium-severity bug (6.8/10) that allows an attacker to execute   
   arbitrary commands within the context of the system.   
      
   Reporting counter-attacks   
      
   A threat actor took advantage of this flaw to deploy Aquabotv3, a new variant   
   of Mirai, arguably the most destructive botnet out there. Aquabot allows its   
   operators to run Distributed Denial of Service (DDoS) attacks.    
      
   This version also comes with a unique and uncommon feature that most likely   
   serves to help threat actors track the health of the botnet. When a victim   
   spots the malware on its device and tries to remove it, Aquabot will react    
   and send the information about the attempt back to its command & control (C2)   
   server.    
      
   The best way to defend against Aquabot and other Mirai variants is to keep    
   the endpoints updated. Mitel patched this particular vulnerability in July   
   2024, so if youre using these phones in your organization, make sure to apply   
   the patch to mitigate any risks.    
      
   Mirai and its variants continue to wreak havoc across cyberspace. In the last   
   30 days alone, there have been multiple news reports of different Mirai   
   variants being spotted in the wild. For example, researchers from Juniper   
   recently warned about a Mirai variant in late December 2024, and in early   
   January 2025, Chinese researchers discovered a variant of Mirai with an   
   offensive name targeting industrial routers.    
      
    Via The Register   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/watch-out-your-office-phone-could-be-hi   
   jacked-into-a-mirai-botnet   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426