The Mirai-based Aquabot botnet is targeting a critical vulnerability (CVE-2024-41710) in Mitel SIP phones, including the 6800, 6900, and 6900w series, to turn them into botnets for distributed denial-of-service (DDoS) attacks. This vulnerability, which involves insufficient parameter sanitization during the boot process, allows authenticated attackers to execute arbitrary commands on the devices. The flaw was patched by Mitel in July 2024, but a proof-of-concept exploit was published in August. Aquabot, exploiting this vulnerability since January 2025, uses the payload from the PoC code to deploy Mirai malware on vulnerable phones. The botnet also targets other devices, including routers and web interfaces, and has added monitoring functionality to track the botnet's health.