Overview
- FortiGuard Labs detailed a Mirai-family strain that was active only during October’s AWS outage, a pattern researchers say likely indicates a controlled test window.
- The malware exploited at least eight known vulnerabilities across DD-WRT, D-Link, DigiEver, TBK, and TP-Link products to compromise routers, NAS devices, and DVRs.
- Initial access relied on a downloader script named binary.sh that fetched payloads from 81.88.18.108, with attack activity observed originating from 198.199.72.27.
- Victims were recorded across 28 countries and in sectors including government, telecom, retail and hospitality, manufacturing, MSSPs, and education.
- D-Link confirmed no patches for certain end-of-life models tied to CVE-2024-10914 and CVE-2024-10915, TP-Link offered a beta fix for CVE-2024-53375, and Fortinet published IoCs for threat hunting.
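
A hunting sketch for the indicators named in this overview (binary.sh, 81.88.18.108, 198.199.72.27), added here as an example; it is not code from FortiGuard Labs or any vendor. The `src=`/`dst=` key=value log layout and the sample lines are constructed assumptions, so adapt the field names to your own firewall or proxy export.

```python
import ipaddress
import re

# Indicators named in the overview above.
INDICATOR_IPS = {
    ipaddress.ip_address("81.88.18.108"): "payload-host",
    ipaddress.ip_address("198.199.72.27"): "attack-source",
}
# binary.sh as a whole file name, so "mybinary.sh" does not match.
SCRIPT_RE = re.compile(r"(?<![\w.-])binary\.sh(?![\w.-])")
# Dotted quad, optionally prefixed by src=/dst= (assumed log field names).
IP_RE = re.compile(
    r"(?:\b(src|dst)=)?(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?!\d|\.\d)"
)

# Constructed sample lines; the key=value layout and timestamps are made up.
SAMPLE_LOG = [
    "2000-01-01T08:01:12Z action=allow src=198.199.72.27 dst=203.0.113.10 dport=80",
    "2000-01-01T08:01:15Z action=allow src=203.0.113.10 dst=81.88.18.108 url=/binary.sh",
    "2000-01-01T08:02:40Z action=allow src=192.0.2.44 dst=181.88.18.108 dport=443",
    "2000-01-01T08:03:02Z action=allow src=192.0.2.45 dst=192.0.2.9 url=/mybinary.sh",
]


def hunt(lines):
    """Return (line_number, finding) tuples for every indicator hit."""
    findings = []
    for number, line in enumerate(lines, 1):
        for field, raw in IP_RE.findall(line):
            try:
                address = ipaddress.ip_address(raw)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            name = INDICATOR_IPS.get(address)
            if name:
                # Compare parsed addresses, not substrings: 181.88.18.108
                # contains the text "81.88.18.108" but is a different host.
                findings.append((number, f"{name}:{field or 'any'}"))
        if SCRIPT_RE.search(line):
            findings.append((number, "downloader-script"))
    return findings


if __name__ == "__main__":
    for number, finding in hunt(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

A `payload-host:dst` hit means an internal device reached out to the payload server, which deserves a closer look than an inbound `attack-source:src` probe on its own.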