TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Infosecurity Magazine

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

2026-04-20 · Read original ↗

ATT&CK techniques detected

4 predictions
T1190Exploit Public-Facing Application
84%
"close the exposure gap, " trey ford, chief strategy and trust officer at bugcrowd, said. " machine speed analysis tells you a vulnerability exists, but human researcher depth tells you how an adversary will chain it, weaponize it and sustain access long after the initial alert fi…"
T1190Exploit Public-Facing Application
75%
"attackers exploit dvr command injection flaw to deploy mirai - based botnet a newly identified malware campaign has been observed exploiting a command injection flaw in digital video recorder ( dvr ) devices to deploy a mirai - based botnet, according to analysis by fortiguard la…"
T1584.005Botnet
71%
"laterally, targets multiple cpu architectures and incorporates legacy exploits to broaden its reach across vulnerable devices. persistence is achieved through several mechanisms. the malware modifies system initialization files, creates startup scripts and registers system servic…"
T1584.005Botnet
33%
"time, particularly for ddos attacks, " john gallagher, vice president of viakoo labs at iot security firm viakoo, said. " until more action is taken by enterprises to maintain cyber hygiene on iot devices, this will continue because of the ease of infection and ability to move la…"

Summary

FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices