HomeRisk ManagementsAndroxgh0st Botnet Utilizes Mozi Payloads to Increase IoT Influence

Androxgh0st Botnet Utilizes Mozi Payloads to Increase IoT Influence

Published on

spot_img

A recent report by CloudSEK’s Threat Research team has shed light on significant developments in the Androxgh0st botnet, indicating its strategic expansion and integration with elements from the Mozi botnet. The Androxgh0st botnet, which has been active since January 2024, has started targeting web servers by exploiting vulnerabilities to infiltrate systems.

The latest findings suggest that Androxgh0st is incorporating Mozi’s Internet of Things (IoT)-focused payloads, raising concerns about a potential partnership between the two botnets. This alliance could result in even more sophisticated and widespread cyber threats in the future.

CloudSEK’s investigation has revealed that Androxgh0st is taking advantage of various vulnerabilities in popular technologies such as Cisco ASA, Atlassian JIRA, and multiple PHP frameworks. These vulnerabilities allow unauthorized access and remote code execution, enabling attackers to maintain control over compromised systems. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory earlier this year warning organizations about Androxgh0st’s ability to exploit vulnerabilities across different Common Vulnerabilities and Exposures (CVEs).

Some of the key vulnerabilities exploited by Androxgh0st include:

Further analysis by CloudSEK has also uncovered Androxgh0st’s targeting of IoT devices, a tactic previously associated with the Mozi botnet. Despite the disruption of Mozi due to the arrest of its creators in 2021, Androxgh0st’s command-and-control logs suggest a reintegration of Mozi’s payloads into its infrastructure. This integration has expanded the botnet’s reach, posing a greater threat to IoT environments worldwide.

In order to mitigate the risks posed by Androxgh0st, organizations are advised to promptly patch affected software and network vulnerabilities. Regular system checks, vulnerability scans, and software updates are essential steps in combating these evolving cyber threats.

Overall, the emergence of strategic alliances between different botnets like Androxgh0st and Mozi highlights the ever-evolving nature of cyber threats. As cybercriminals continue to collaborate and adapt their tactics, it is crucial for organizations to stay vigilant and proactive in securing their systems and data against such threats.

Source link

Latest articles

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...

Ransomware Groups Adopt Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Anubis Ransomware Operation: Exploiting Vulnerabilities for Malicious Gains The Anubis ransomware operation has recently been...

More like this

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...