Mirai Broadside Botnet Targets Maritime IoT with Advanced Tactics

1 unique source, 1 article

Summary

A new Mirai botnet variant, Broadside, is exploiting a critical-severity vulnerability (CVE-2024-3721) in TBK DVR devices to target the maritime logistics sector. Unlike previous Mirai variants, Broadside employs a custom C2 protocol, a unique 'Magic Header' signature, and an advanced 'Judge, Jury, and Executioner' module that enforces exclusivity. It uses Netlink kernel sockets for stealthy, event-driven process monitoring, and it uses payload polymorphism to evade static defenses. Broadside attempts to maintain exclusive control over hosts by terminating other processes, and it harvests system credential files to establish a strategic foothold. The botnet's goals extend beyond denial-of-service attacks: it aims to compromise devices within the maritime sector, which could have significant operational and security implications.

Timeline

  1. 11.12.2025 15:40 1 article · 23h ago

    Broadside Mirai Variant Exploits TBK DVR Vulnerability in Maritime Sector

    A new Mirai botnet variant, Broadside, has been observed exploiting a critical-severity vulnerability (CVE-2024-3721) in TBK DVR devices to target the maritime logistics sector. Unlike previous variants, Broadside employs advanced tactics such as a custom C2 protocol, a unique 'Magic Header' signature, and an advanced module that enforces exclusivity. It uses Netlink kernel sockets for stealthy monitoring, and it uses payload polymorphism to evade detection. The botnet also attempts to harvest system credential files to establish a strategic foothold.

Information Snippets