The Aquabot botnet, a variant of Mirai, targets vulnerabilities in Mitel phone systems including CVE-2024-41710, exploiting a command injection flaw to facilitate DDoS attacks. First identified in November 2023, issues began surfacing in January 2025 when researchers observed exploitation attempts. This botnet also targets other vulnerabilities, using a proof-of-concept exploit. Notably, Aquabot features a new "report_kill" function which communicates with its command-and-control server without receiving a response, suggesting potential implications for detection and mitigation efforts against botnet activity.
Aquabot is a botnet that was built off the Mirai framework with the ultimate goal of distributed denial-of-service (DDoS). It has been known since November 2023.
The web infrastructure company said it detected active exploitation attempts against CVE-2024-41710 since early January 2025, with the attacks mirroring a payload almost identical to the PoC.
Collection
[
|
...
]