Particle.news

RondoDox Botnet Blasts 56 N-Day Flaws Across 30+ Vendors After Late-September Exploit Surge

Researchers warn the campaign now uses a loader-for-hire model to push Mirai-family payloads to unpatched devices.

Overview

  • Trend Micro’s Zero Day Initiative details an “exploit shotgun” campaign hitting 56 vulnerabilities across routers, cameras, DVRs and web servers from more than 30 vendors.
  • Observed activity peaked between September 22 and 24, and researchers say they have not seen new exploit events since the 24th.
  • Multi-architecture loaders install Mirai variants that give attackers remote control and enable large-scale DDoS operations.
  • The toolkit includes 18 unassigned command-injection flaws affecting products such as D-Link NAS units, TVT and LILIN DVRs, Fiberhome and ASMAX routers, and Brickcom cameras.
  • Distribution broadened through a loader-as-a-service that co-packages RondoDox with Mirai and Morte; FortiGuard had earlier linked CVE-2024-3721 and CVE-2024-12856 to RondoDox. Researchers advise applying firmware updates, replacing end-of-life gear, segmenting networks, and changing default credentials.