A new Mirai botnet variant, Aquabot, is making the rounds, exploiting a flaw in Mitel phones to launch DDoS attacks. The vulnerability, CVE-2024-41710, impacts Mitel’s 6800, 6900, and 6900w Series SIP Phones, along with the 6970 Conference Unit, putting affected devices at risk. Although Mitel addressed this issue in July 2024, a proof-of-concept exploit became publicly available in August, leading to active exploitation attempts since early January 2025.
Aquabot targets this medium-severity command injection flaw, which allows attackers to execute arbitrary commands during the phone’s boot process. The botnet also exploits other vulnerabilities, including those in Linksys E-series devices, to expand its reach.
Unique Features of Aquabot
Akamai security researchers were the first to spot Aquabot and its unique capabilities. One standout feature is the ‘report_kill’ function, which notifies a command-and-control server whenever an infected device receives a kill signal. However, no server responses have been observed so far. Aquabot also attempts to conceal its presence by renaming itself to “httpd.x86” and terminating certain processes, such as local shells.
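For defenders, the renaming behaviour described above can be triaged on a Linux host by comparing each process's name with the executable that backs it. The sketch below is an added example, not code from Akamai or FastNetMon; the `/proc` approach, the function names, and the sample paths are assumptions made for illustration, and only the name "httpd.x86" comes from the report.

```python
import os

REPORTED_ALIAS = "httpd.x86"   # process name the article reports Aquabot using
DELETED = " (deleted)"         # suffix Linux adds to /proc/<pid>/exe once the file is unlinked

def read_proc(proc_root="/proc"):
    """Yield (pid, comm, exe) for every process visible under proc_root."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue               # process exited or is not readable
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""               # kernel thread or insufficient privilege
        yield int(entry), comm, exe

def triage(procs, alias=REPORTED_ALIAS):
    """Return (pid, level, reasons) for processes carrying the reported alias."""
    findings = []
    for pid, comm, exe in procs:
        if comm != alias:
            continue
        reasons = ["process name matches reported alias"]
        deleted = exe.endswith(DELETED)
        image = os.path.basename(exe[:-len(DELETED)] if deleted else exe)
        if deleted:
            reasons.append("backing executable was deleted")
        # The kernel truncates comm to 15 characters, so compare on that prefix.
        if exe and image[:15] != comm:
            reasons.append("name does not match executable image %r" % image)
        findings.append((pid, "high" if len(reasons) > 1 else "review", reasons))
    return findings

# Constructed sample records (hypothetical PIDs and paths, not observed data).
SAMPLE = [
    (1, "init", "/sbin/init"),
    (388, "httpd", "/bin/busybox"),
    (412, "httpd.x86", "/tmp/sample_bin (deleted)"),
    (500, "httpd.x86", "/usr/sbin/httpd.x86"),
]

if __name__ == "__main__":
    for pid, level, reasons in triage(SAMPLE):   # use triage(read_proc()) on a live host
        print(pid, level, "; ".join(reasons))
```

A name match alone is graded "review" because a file could legitimately carry that name; a mismatch with the backing image or a deleted executable raises it to "high".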
Distribution and Impact
The botnet is reportedly being advertised as a DDoS service on Telegram under names like Cursinq Firewall and The Eye Botnet, offering both layer 4 and layer 7 attack capabilities. This marks the third iteration of the Mirai botnet, which continues to exploit internet-connected devices with inadequate security measures.
The persistence of such threats highlights the ongoing challenges in securing IoT devices. Many devices lack proper defences, have reached end-of-life, or are left vulnerable due to default configurations. These factors make them prime targets for botnets like Aquabot to conduct DDoS attacks.
About FastNetMon
FastNetMon delivers versatile DDoS detection software for companies at any scale. With extensive experience in the telecom, mobile, and cloud computing industries, we take pride in preventing DDoS attacks and protecting our customers’ networks to the highest standard.