New Murdoc Botnet Campaign Exploits Security Flaws in AVTECH IP Cameras and Huawei HG532 Routers

Author: Ravie Lakshmanan
Date: January 21, 2025

Tags: Botnet / Vulnerability

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to conduct DDoS attacks and other malicious purposes."

To safeguard against such attacks, it’s advised to monitor suspicious processes, events, and network traffic spawned by the execution of any untrusted binary/scripts. It’s also recommended to apply firmware updates and change the default username and password.

Update

A new report from exposure management platform Censys has revealed that there are 221 Murdoc-infected hosts concentrated in Indonesia, Singapore, Taiwan, the United States, and Hong Kong, stating the reported number of more than 1,300 compromised devices is likely an overestimate.

"They include ‘truncated’ hosts and pseudoservices that respond on over 100+ open ports – behavior which exceeds reasonable standards and is likely not reflective of genuine hosts," Censys added.

Follow us on Twitter and LinkedIn to read more exclusive content we post.