VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Nexcorium: Mirai variant exploits CVE-2024-3721 in TBK DVR, forming DDoS botnet

Nexcorium: Mirai‑вариант эксплуатирует CVE‑2024‑3721 в TBK DVR и формирует DDoS‑ботнет

Colleagues, a cybersecurity alert: I am observing a Nexcorium campaign exploiting CVE-2024-3721 against TBK DVR.

- Fortinet and Unit 42: the CVE-2024-3721 exploit drops the Nexcorium loader and launches the bot.
- The malware establishes persistence (crontab/systemd), attempts Telnet brute‑force, leverages CVE-2017-17215, and conducts DDoS (UDP/TCP/SMTP).
- Scans also target EoL TP‑Link routers (CVE-2023-33538); replace devices and remove default credentials.

Why it matters: legacy IoT and default accounts remain the primary vector for botnets.

How do you protect IoT devices in your infrastructure?

#cybersecurity #IoT #vulnerabilities #DDoS

Latest comments

No comments yet.