New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 – Securityaffairs.com

  • Updated
  • 3 mins read


Published on: 2025-06-09

Intelligence Report: New Mirai Botnet Targets TBK DVRs by Exploiting CVE-2024-3721

1. BLUF (Bottom Line Up Front)

A new variant of the Mirai botnet has been identified, exploiting a command injection vulnerability (CVE-2024-3721) in TBK DVRs. This variant introduces enhanced features such as RC string encryption and anti-virtual machine checks, increasing its stealth and resilience. Immediate actions are required to patch vulnerable devices and mitigate potential large-scale botnet formations.

2. Detailed Analysis

The following structured analytic techniques have been applied to ensure methodological consistency:

Adversarial Threat Simulation

The new Mirai variant’s tactics, techniques, and procedures (TTPs) were modeled to anticipate potential vulnerabilities. The focus on TBK DVRs suggests a strategic targeting of IoT devices with known security flaws.

Indicators Development

Key indicators include unusual network traffic patterns and unauthorized access attempts on DVRs. Monitoring these can provide early warnings of botnet activity.

Bayesian Scenario Modeling

Probabilistic models suggest a high likelihood of increased attacks on unpatched IoT devices, with potential global spread if not addressed promptly.

3. Implications and Strategic Risks

The exploitation of TBK DVRs could lead to significant disruptions in surveillance systems, impacting both public and private sectors. The botnet’s ability to avoid detection and persist through device reboots poses a systemic risk to IoT infrastructure. Cross-domain risks include potential impacts on national security and economic stability due to compromised surveillance capabilities.

4. Recommendations and Outlook

  • Urgently apply security patches to all vulnerable TBK DVRs to prevent exploitation.
  • Conduct a factory reset on compromised devices to remove persistent threats.
  • Implement continuous monitoring for unusual activities on IoT networks.
  • Scenario Projections:
    • Best Case: Rapid patch deployment limits botnet growth and mitigates risks.
    • Worst Case: Delayed response leads to widespread device compromise and significant operational disruptions.
    • Most Likely: Moderate spread with regional impacts, controlled through targeted interventions.

5. Key Individuals and Entities

Kaspersky researchers have been instrumental in identifying and analyzing this new Mirai variant.

6. Thematic Tags

national security threats, cybersecurity, counter-terrorism, regional focus

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 - Securityaffairs.com - Image 1

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 - Securityaffairs.com - Image 2

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 - Securityaffairs.com - Image 3

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721 - Securityaffairs.com - Image 4