TBK DVRs Botnet Attack

What is the Attack?

Threat actors are actively exploiting CVE-2024-3721, a command injection vulnerability in TBK DVR devices (Digital Video Recorders). This flaw allows unauthenticated remote code execution (RCE) via crafted HTTP requests to the endpoint. The compromised devices are being conscripted into a botnet capable of conducting DDoS attacks.

If successfully exploited, there is a potential for significant disruption from DDoS attacks, lateral movement, or further malware delivery.

What is the recommended Mitigation?

Affected devices include TBK DVR-4104 and TBK DVR-4216.

Currently we are unaware of any vendor-supplied patch or update available for this issue. Immediate patching is recommended once available. Alternatively, we recommend isolating or replacing the TBK DVRs and monitoring for unusual traffic patterns or binary drops from DVRs.

What FortiGuard Coverage is available?

FortiGuard Labs has available IPS protection for CVE-2024-3721 which detects and blocks attack attempts targeting TBK DVR OS Command Injection.
Intrusion Prevention | FortiGuard Labs

FortiGuard Labs has blocked all the known linked Indicators of Compromise (IOCs), including the Mirai Botnet malware noted in the related campaigns.

Antimalware and Sandbox Service delivers protection against known malware and uses advanced behavioral analysis to detect and block unknown threats.
ELF/Mirai.DDW!tr - Virus | FortiGuard Labs

The FortiGuard Incident Response team is available to assist with any suspected compromise.