Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks


A Mirai botnet variant has been found exploiting, since early November 2024, a newly disclosed security flaw impacting Four-Faith industrial routers, with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses. The vulnerability in question is CVE-2024-12856 (CVSS score: 7.2), an operating system (OS) command injection bug affecting router models F3x24 and F3x36 that is exploited by taking advantage of unchanged default credentials. The development comes as threat actors are also leveraging susceptible and misconfigured PHP servers (e.g., CVE-2024-4577) to deploy a cryptocurrency miner called PacketCrypt.
