Attacks on unsupported GeoVision IoT devices involved an exploit.
Outdated GeoVision Internet of Things devices and vulnerable Samsung MagicINFO 9 servers have been targeted for the deployment of the Mirai botnet in distributed denial-of-service attacks.
According to research by Akamai, published by Hacker News, attacks aimed at the end-of-life GeoVision IoT devices exploited the operating system command injection bugs tracked as CVE-2024-6047 and CVE-2024-11120.
Akamai analysis showed that exploitation of these flaws facilitated command injection into the szSrvIpAddr parameter and execution of the ARM-based Mirai variant dubbed LZRD.
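A defender-side check for the parameter abuse described above, as an added example (not code from Akamai or this article): it allowlists the expected shape of szSrvIpAddr in captured requests and flags everything else. The record layout, the placeholder CGI path and the assumption that a legitimate value is an IP address or plain hostname are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

PARAM = "szSrvIpAddr"  # parameter named in the Akamai analysis
# Assumption: a legitimate value is an IP address or a plain hostname.
HOSTNAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def is_plain_host(value):
    """True if value is an IP literal or a hostname-shaped string."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME.fullmatch(value) is not None


def flag_request(target, body=""):
    """Return decoded szSrvIpAddr values that are not a plain host.

    Checks the query string and a form-encoded body. Allowlisting the
    expected shape catches shell metacharacters, whitespace and
    leftover percent-encoding without enumerating payloads.
    """
    # separator="&" keeps ';' inside the value instead of splitting on it.
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True, separator="&")
    fields += parse_qsl(body, keep_blank_values=True, separator="&")
    return [v for k, v in fields if k == PARAM and not is_plain_host(v)]


# Constructed sample requests (client, target, body); the CGI path is a placeholder.
SAMPLE = [
    ("198.51.100.7", "/PLACEHOLDER.cgi", "szSrvIpAddr=192.0.2.10&other=1"),
    ("198.51.100.9", "/PLACEHOLDER.cgi", "szSrvIpAddr=192.0.2.10%3Becho+constructed"),
    ("198.51.100.9", "/PLACEHOLDER.cgi?szSrvIpAddr=%24(echo%20constructed)", ""),
    ("198.51.100.8", "/PLACEHOLDER.cgi", "szSrvIpAddr=ntp.example.org"),
]


def scan(records):
    """Return (client, value) pairs for every flagged request."""
    return [(c, v) for c, t, b in records for v in flag_request(t, b)]


if __name__ == "__main__":
    for client, value in scan(SAMPLE):
        print(f"ALERT {client} {PARAM}={value!r}")
```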
Other reports from Arctic Wolf and the SANS Technology Institute also noted that the ongoing intrusions leveraged the high-severity Samsung MagicINFO 9 path traversal issue, tracked as CVE-2024-7399, to spread the Mirai botnet following the emergence of a proof-of-concept exploit at the end of April.
"The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages files," said Arctic Wolf.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.