Your desk phone can be used to DDoS people and systems, experts warn. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Security researchers from Akamai have caught a new variant of the infamous Mirai botnet targeting business phone devices built by Mitel. Mitel provides business communication solutions, including VoIP, unified communications, and contact center services, but according to Akamai, the devices - namely Mitel 6800, 6900, and 6900w series of SIP desk phones, together with the 6970 Conference Unit, running on firmware R6.4.0.HF1 (R6.4.0.136) - are vulnerable to a command injection flaw tracked as CVE-2024-41710.

This is a medium-severity bug (6.8/10) that allows an attacker to execute arbitrary commands within the context of the system. A threat actor took advantage of this flaw to deploy Aquabotv3, a new variant of Mirai, arguably the most destructive botnet out there. Aquabot allows its operators to run Distributed Denial of Service (DDoS) attacks. This version also comes with a unique and uncommon feature that most likely serves to help threat actors track the health of the botnet. When a victim spots the malware on its device and tries to remove it, Aquabot will react and send the information about the attempt back to its command & control (C2) server.

The best way to defend against Aquabot and other Mirai variants is to keep the endpoints updated. Mitel patched this particular vulnerability in July 2024, so if you’re using these phones in your organization, make sure to apply the patch to mitigate any risks. Mirai and its variants continue to wreak havoc across cyberspace. In the last 30 days alone, there have been multiple news reports of different Mirai variants being spotted in the wild. For example, researchers from Juniper recently warned about a Mirai variant in late December 2024, and in early January 2025, Chinese researchers discovered a variant of Mirai with an offensive name targeting industrial routers.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!. Via The Register. Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.