Underground malware domain Cyberium was spotted hosting an active Mirai variant to exploit an RCE in Tenda routers. Experts found several campaigns going back to as early as May 2020. It has been in action for the past year and appears to be still active.