Unpatched AVTECH CCTV Cameras Under Attack by 'Corona' Malware
Unpatched AVTECH CCTV cameras are being targeted by a Mirai malware variant. The campaign, active since December 2023, exploits a critical vulnerability that allows remote code execution via the brightness function of the cameras.
The malware, dubbed 'Corona', connects to numerous hosts through Telnet on ports 23, 2323, and 37215, and prints the string 'Corona' to the console on infected hosts. The campaign also targets other unpatched zero-day vulnerabilities, indicating a trend of attackers exploiting older, likely low-priority, bugs.
The vulnerability, identified as CVE-2024-7029, was highlighted in a CISA ICS advisory in August 2024. It has a CVSS score of 8.7, carrying a 'High' rating. Despite a proof-of-concept being publicly available since at least 2019, it was not assigned a CVE until August 2024. Akamai has observed organizations in the telecommunications sector, MSPs, and ISPs affected by this botnet-based attack.
With no available patch for CVE-2024-7029, organizations are advised to decommission the impacted AVTECH IP camera devices immediately. This includes those used in critical infrastructure, as these devices are widespread worldwide. The ongoing nature of this campaign underscores the importance of regular vulnerability assessments and prompt patch management.
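The Telnet fan-out described above (one device connecting to numerous hosts on ports 23, 2323, and 37215) can be looked for in network flow data. The following Python is an added example, not code from the article or from Akamai; the CSV flow format, the sample records, the function name, and the threshold of five distinct destinations are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Destination ports named in the article for the malware's Telnet connections.
WATCHED_PORTS = {23, 2323, 37215}

# Constructed sample flow records (src_ip,dst_ip,dst_port,proto); not real traffic.
# Addresses are taken from private and documentation ranges.
SAMPLE_FLOWS = """\
10.0.5.20,198.51.100.7,23,tcp
10.0.5.20,198.51.100.8,23,tcp
10.0.5.20,198.51.100.9,2323,tcp
10.0.5.20,203.0.113.14,2323,tcp
10.0.5.20,203.0.113.15,37215,tcp
10.0.5.20,203.0.113.16,37215,tcp
10.0.5.20,203.0.113.16,23,tcp
10.0.1.8,10.0.0.1,23,tcp
10.0.1.9,192.0.2.10,443,tcp
10.0.1.9,192.0.2.11,443,tcp
bad line
"""

def find_telnet_fanout(flow_csv, min_distinct_dsts=5):
    """Return sources that reached at least min_distinct_dsts distinct hosts
    on the watched ports, with the destination count and ports used."""
    dsts = defaultdict(set)
    ports = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 4:
            continue  # skip malformed or empty records
        src, dst, port, proto = (field.strip() for field in row)
        if proto.lower() != "tcp" or not port.isdigit():
            continue
        if int(port) in WATCHED_PORTS:
            dsts[src].add(dst)
            ports[src].add(int(port))
    return {
        src: {"dsts": len(seen), "ports": sorted(ports[src])}
        for src, seen in dsts.items()
        if len(seen) >= min_distinct_dsts  # assumed threshold; tune per network
    }

if __name__ == "__main__":
    for src, info in find_telnet_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {info['dsts']} distinct hosts on ports {info['ports']}")
```

A single administrative Telnet session (10.0.1.8 in the sample) stays below the threshold, while the camera address contacting six hosts across all three ports is reported.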