Kaspersky Finds New Variant Of Mirai's Botnet Targeting Supervision Cameras

JAKARTA - Kaspersky GREAT researchers found several IoT devices targeted by the new version of Mirai's botnet, the majority in China, Egypt, India, Brazil, Turkey, and Russia.

Mirai is a malware that infects Internet of Things (IoT) devices such as IP cameras, DVRs, or routers. Mirai is also still one of the top threats for IoT in 2025 to carry out DDoS attacks, data theft, and other malicious activities.

Mirai's botnet source code was shared on the internet nearly a decade ago, and since then, the code has been adapted and modified by various groups to create large-scale botnets that are mostly focused on DDoS and resource hijacking, "said Anderson Leite, Security Researcher at GREAT Kaspersky.

Kaspersky's research notes that throughout 2024 there have been 1.7 billion attacks on IoT devices worldwide, including attacks involving Mirai botnets.

This attack came from 858,520 infected devices. In Indonesia alone, Kaspersky found the number of attacks reached 5.2 million, an increase of 19% compared to 2023.

To explore the IoT attack, how the attack was carried out and how to prevent it, Kaspersky prepared honeypots, bait devices to attract the attention of the attackers and analyze their activities.

In honeypots, Kaspersky detected the exploitation of CVE-2024-3721 vulnerabilities to deploy bot which turned out to be a modification of Mirai's botnet. But this time, the focus of attack is digital video recorder (DVR), security and surveillance devices in various sectors.

'Attacks on DVR devices can jeopardize privacy, but more than that, they can serve as an entry point for attackers to infiltrate wider networks, deploy malware and create botnets to launch DDoS attacks, as seen in Mirai,' he explained.

To reduce the risk of IoT device infection, users must: