Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

August 29, 2024 at 07:48AM

Malicious actors have weaponized a long-standing flaw in AVTECH IP cameras, exploiting a zero-day vulnerability to form a botnet. The vulnerability, CVE-2024-7029, allows remote code execution. The attack campaign has been ongoing since March 2024, leveraging known vulnerabilities to spread a Mirai botnet variant. Additionally, a “mysterious” botnet named 7777 has been targeting Microsoft 365 accounts using compromised routers.

From the meeting notes, it is clear that there is a significant security vulnerability impacting AVTECH IP cameras, as well as botnet activity that uses compromised routers to stage attacks against Microsoft 365 accounts. The CVE-2024-7029 vulnerability in AVTECH closed-circuit television (CCTV) cameras allows remote code execution and remains unpatched, affecting AVM1203 camera devices running specific firmware versions. Malicious actors have exploited this vulnerability to spread a Mirai botnet variant. Additionally, a “mysterious” botnet named 7777 (or Quad7) has been using compromised TP-Link and ASUS routers to stage password-spraying attacks against Microsoft 365 accounts. The botnet is known for deploying SOCKS5 proxies on compromised devices to relay slow “brute-force” attacks. The activity highlighted in the meeting notes underscores the evolving tactics of threat operators and the ongoing security challenges faced by organizations.
