New Aquabotv3 botnet malware targets Mitel command injection flaw www.bleepingcomputer.com/news/secu…

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones.

The activity was discovered by Akamai’s Security Intelligence and Response Team (SIRT), who reports that this is the third variant of Aquabot that falls under their radar.

The malware family was introduced in 2023, and a second version that added persistence mechanisms was released later. The third variant, ‘Aquabotv3,’ introduced a system that detects termination signals and sends the info to the command-and-control (C2) server.