Title: “InfectedSlurs Botnet Targets QNAP VioStor NVR Vulnerability”
The InfectedSlurs botnet, based on Mirai, has been identified targeting QNAP VioStor NVR (Network Video Recorder) devices. Akamai recently issued a warning about this botnet, noting that it has been actively exploiting two zero-day vulnerabilities to infect routers and NVR devices.
The research team at Akamai discovered the botnet in October 2023, although they suspect it has been active since 2022. The vulnerabilities were reported to the respective vendors, with fixes expected in December 2023.
The botnet has been targeting various devices, including routers and NVR devices, using default admin credentials to install Mirai variants. One of the vulnerabilities it was found exploiting is the CVE-2023-47565, an RCE vulnerability in QNAP VioStor NVR devices with versions 5.0.0 and earlier.
Although QNAP has ceased support for these devices, the vendor recommends upgrading the VioStor firmware to the latest version as a mitigation measure. The compromised devices were exploiting OS command injection vulnerabilities in NTP settings.
Akamai’s report emphasizes the importance of updating legacy systems and avoiding default credentials to prevent botnet infections. The report concludes with a reminder to follow security updates on Twitter and Facebook.
Author: Pierluigi Paganini
Date: December 17, 2023