Nexcorium: Mirai variant exploits CVE-2024-3721 in TBK DVR, forming DDoS botnet

Colleagues, a cybersecurity alert: I am observing a Nexcorium campaign exploiting CVE-2024-3721 against TBK DVR.
- Fortinet and Unit 42: the CVE-2024-3721 exploit drops the Nexcorium loader and launches the bot.
- The malware establishes persistence (crontab/systemd), attempts Telnet brute‑force, leverages CVE-2017-17215, and conducts DDoS (UDP/TCP/SMTP).
- Scans also target EoL TP‑Link routers (CVE-2023-33538); replace devices and remove default credentials.
Why it matters: legacy IoT and default accounts remain the primary vector for botnets.
How do you protect IoT devices in your infrastructure?
#cybersecurity #IoT #vulnerabilities #DDoS

