Researchers have warned that unpatched Hikvision video systems are being targeted by hackers in a cyberattack that drops a DDoS botnet. The botnet, dubbed Moobot, is Mirai-based.
The company released a patch for this in September; however, Hikvision IP Network Video Recorder (NVR) products that have not yet been patched are targets for Moobot.
Moobot: How It Works
Researchers from FortiGuard Labs published a report on this topic illustrating how Moobot works. It seems that its modus operandi is based on exploiting an existing remote code execution (RCE) vulnerability in Hikvision products.
The flaw is tracked as CVE-2021-36260, and it is exploited to distribute the Moobot botnet, which will eventually result in a distributed denial-of-service (DDoS) cyberattack.
An attacker usually looks for a vulnerable system. Once one is found, a downloader drops the malware, which in this case, as the researchers underlined, is Moobot, a Mirai variant that contains traces of Satori code.
Its most obvious feature is