Here Comes Mirai: IoT Devices RSVP to Active Exploitation www.akamai.com/blog/secu…

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120 against discontinued GeoVision Internet of Things (IoT) devices.

The SIRT first identified activity in our honeypots in April 2025. This is the first reported active exploitation of these vulnerabilities since the initial disclosure in June 2024 and November 2024, respectively.

The botnet that is exploiting this vulnerability has also leveraged several other known vulnerabilities, including the DigiEver vulnerability we reported on previously.

We have included a list of indicators of compromise (IOCs) in this blog post to assist in defense against this threat.