A newly discovered variant of the Mirai malware, known as Nexcorium, is leveraging a vulnerability in TBK digital video recorders (DVRs) to compromise devices and enlist them in large-scale distributed denial-of-service (DDoS) attacks. Additionally, outdated TP-Link routers are also being targeted, highlighting the ongoing issue of insecure internet-of-things (IoT) devices. Researchers at Fortinet have identified the threat, which exploits known vulnerabilities in these devices to gain initial access and deploy the Nexcorium malware1. The use of compromised IoT devices in DDoS attacks is a significant concern, as it can lead to substantial disruptions to online services. The fact that threat actors are targeting devices with known vulnerabilities underscores the importance of regular patching and secure configuration of IoT devices. This discovery matters to security practitioners because it underscores the need for proactive measures to secure IoT devices against such exploits.
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
⚡ High Priority
Why This Matters
Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium.
References
- SecurityAffairs. (2026, April 18). Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks. *SecurityAffairs*. https://securityaffairs.com/190974/malware/nexcorium-mirai-variant-exploits-tbk-dvr-flaw-to-launch-ddos-attacks.html
Original Source
SecurityAffairs
Read original →