CyberSecurityBoard
Sponsor Register Login

New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control

Security experts recommend immediate action including blocking known malicious IP addresses, applying all available patches, restricting public internet access to DVR interfaces, and implementing comprehensive network monitoring to detect unusual scanning or exploitation attempts. Cybersecurity researchers have identified a significant spike in exploitation attempts targeting TVT NVMS9000 digital video recorders (DVRs), with activity surging to three times normal levels in early April 2025. The exploitation targets an information disclosure vulnerability in TVT surveillance systems that can be leveraged to gain full administrative control over affected devices. GreyNoise researchers noted that the exploitation attempts peaked on April 3, 2025, with over 2,500 unique IP addresses detected targeting these systems. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Once compromised, these systems can be enlisted into the botnet’s network, potentially contributing to distributed denial-of-service (DDoS) attacks and other malicious activities characteristic of Mirai operations. The primary targets of this campaign are systems located in the United States, United Kingdom, and Germany, while the attacking infrastructure predominantly originates from Taiwan, Japan, and South Korea. TVT Digital Technology Co., Ltd., the Shenzhen-based manufacturer of the affected NVMS9000 DVRs, has reportedly served customers in more than 120 countries, indicating the potentially vast scope of vulnerable systems. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Their analysis confirmed substantial overlap with known Mirai activity patterns, strongly suggesting this campaign represents an expansion of the notorious botnet’s infrastructure. Upon discovering vulnerable systems, the attackers exploit the information disclosure vulnerability to extract administrative credentials.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Apr 2025 10:00:15 +0000


Cyber News related to New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control

New Mirai Botnet Exploiting TVT DVRs To Gain Administrative Control - Security experts recommend immediate action including blocking known malicious IP addresses, applying all available patches, restricting public internet access to DVR interfaces, and implementing comprehensive network monitoring to detect unusual ...
1 week ago Cybersecuritynews.com
New Mirai botnet behind surge in TVT DVR exploitation - A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. The attacks attempt to exploit an information disclosure vulnerability ...
1 week ago Bleepingcomputer.com Slug
InfectedSlurs Botnet Spreads Mirai via Zero-Days - The payload targets routers and network video recorder devices with default admin credentials and installs Mirai variants when successful. Until November 9, 2023, the vulnerable devices being targeted were unknown. Since both the name and the version ...
1 year ago Akamai.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
1 year ago Bleepingcomputer.com
New Vo1d botnet variant infects 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has infected 1,590,299 Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised devices ...
1 month ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. The Vo1d botnet is a multi-purpose cybercrime tool that turns compromised ...
1 month ago Bleepingcomputer.com
Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation - Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in the wild, using this exploit with ...
11 months ago Blogs.juniper.net CVE-2023-46805 CVE-2024-21887
Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices - Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service attacks by exploiting vulnerable Internet of Things devices. Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such ...
1 year ago Gbhackers.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
10 months ago Tripwire.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
10 months ago Packetstormsecurity.com
QNAP VioStor NVR vulnerability actively exploited by malware botnet - A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm. The botnet was discovered by Akamai's Security Intelligence Response Team in ...
1 year ago Bleepingcomputer.com CVE-2023-49897 CVE-2023-47565
'Yet another Mirai-based botnet' is spreading an illicit cryptominer - A well-designed operation is using a version of the infamous Mirai malware to secretly distribute cryptocurrency mining software, researchers said Wednesday. Calling it NoaBot, researchers at Akamai said the campaign has been active for about a year, ...
1 year ago Therecord.media
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
1 year ago Go.theregister.com Fancy Bear Volt Typhoon
InfectedSlurs Botnet Resurrects Mirai With Zero-Days - The Akamai Security Incident Response Team has detected increased activity targeting a rarely used TCP port across its global honeypots. The investigation conducted in late October 2023 revealed a specific HTTP exploit path, identifying two zero-day ...
1 year ago Infosecurity-magazine.com
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet - MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This campaign was discovered by researchers at the AhnLab Security Emergency Response ...
1 year ago Bleepingcomputer.com
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
1 year ago Bleepingcomputer.com CVE-2022-0543
GorillaBot Attacks Windows Devices With 300,000+ Attack Commands - The malware has been designed to hijack vulnerable devices globally, turning them into tools for distributed denial-of-service (DDoS) attacks and other malicious activities. Built on the infamous Mirai botnet framework, GorillaBot represents a ...
3 weeks ago Cybersecuritynews.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
1 year ago Darkreading.com Volt Typhoon
Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News - Cato Networks found some evidence that the threat actor involved deploys tools to potentially steal data from infected networks.The IP address tied to the threat actor is no longer responding, the researchers said, adding that they have found a new ...
1 month ago Therecord.media CVE-2023-1389
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
1 year ago Securityweek.com Volt Typhoon
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
1 year ago Bleepingcomputer.com
RUBYCARP hackers linked to 10-year-old cryptomining botnet - A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. According to a new report by Sysdig, RUBYCARP currently operates a ...
1 year ago Bleepingcomputer.com CVE-2021-3129
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
1 year ago Securityweek.com Volt Typhoon Hunters

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)