Saved February 14, 2026
Do you care about this?
Cydome has identified a new variant of the Mirai botnet, called Broadside, which exploits a vulnerability in TBK DVR devices used in maritime logistics. This variant not only conducts DDoS attacks but also attempts to harvest system credentials, posing a significant threat to shipping operations.
If you do, here's more
Cydome's cybersecurity team has uncovered a new variant of the Mirai botnet, named Broadside, specifically targeting maritime logistics. This campaign exploits a vulnerability (CVE-2024-3721) in TBK digital video recorders used by shipping companies. Cydome has monitored the botnet's infrastructure, noting fluctuations in active IPs that align with the campaign's activity. Unlike previous Mirai versions, Broadside employs a custom command-and-control protocol and uses advanced techniques for stealth and evasion.
The threat posed by Broadside extends beyond typical denial-of-service attacks. It actively seeks to harvest system credential files, indicating a goal of privilege escalation and lateral movement within compromised systems. The botnet can flood vessel networks and satellite communications, potentially disrupting mission-critical operations. Cydome detailed how the attack leverages remote command injection on TBK DVR devices through the /device.rsp endpoint via HTTP POST, enabling high-rate UDP flooding and stealthy persistence.
To mitigate these risks, Cydome recommends ensuring systems are updated and patched, particularly regarding the known vulnerability that Broadside exploits. They stress the importance of using Network Detection and Response (NDR) tools, alongside firewalls and Endpoint Detection and Response (EDR) solutions. Implementing strong password practices, including multi-factor authentication, is vital to prevent unauthorized access. In light of new U.S. Coast Guard regulations, maritime operators must now report cyber incidents, prompting the launch of a free cyber-incident reporting tool by Cydome to assist compliance.
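As a detection-side illustration of the monitoring recommended above, the following added example (not code from Cydome or from the original article) scans web or proxy access logs for HTTP POST requests to the /device.rsp endpoint and grades them. The management subnet, the log layout (common log format) and the sample lines, including the parameter names `a` and `b`, are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Common/combined log format. Request bodies are not logged, so only the URI is inspected.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# Sequences a shell treats as command separators or substitutions.
SHELL_META = re.compile(r'[;|`\n]|\$\(|&&')
# Assumption: the only subnet allowed to manage the DVR; replace with your own.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

def classify(line):
    """Return None for unrelated traffic, else (source, severity, reason)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m["uri"].partition("?")
    if m["method"] != "POST" or path.lower() != "/device.rsp":
        return None
    decoded = unquote_plus(unquote_plus(query))  # twice, to catch double encoding
    if SHELL_META.search(decoded):
        return (m["src"], "high", "shell metacharacter in /device.rsp request")
    try:
        trusted = any(ipaddress.ip_address(m["src"]) in net for net in MGMT_NETS)
    except ValueError:  # the log recorded a hostname instead of an address
        trusted = False
    if not trusted:
        return (m["src"], "medium", "POST to /device.rsp from outside management subnet")
    return None

def scan(lines):
    """Classify every line and keep only the alerts."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines; parameter names a/b and all addresses are placeholders.
SAMPLE = [
    '10.20.0.15 - - [14/Feb/2026:10:00:01 +0000] "POST /device.rsp?a=1&b=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Feb/2026:10:00:02 +0000] "POST /device.rsp?a=1&b=2%3Bplaceholder HTTP/1.1" 200 0',
    '198.51.100.9 - - [14/Feb/2026:10:00:03 +0000] "POST /device.rsp?a=1&b=2 HTTP/1.1" 401 0',
    '10.20.0.15 - - [14/Feb/2026:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.20.0.99 - - [14/Feb/2026:10:00:05 +0000] "POST /device.rsp?a=%257Cplaceholder HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for src, severity, reason in scan(SAMPLE):
        print(f"{severity:6} {src:15} {reason}")
```

Because access logs omit request bodies, a rule like this complements rather than replaces network-level inspection of the POST payload.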