Hackread reports that the Androxgh0st botnet has expanded its initial access vectors by nearly 50% since last year.
Aside from leveraging vulnerabilities in Apache Shiro, the Spring Framework, WordPress plugins, and Lantronix IoT devices to achieve unauthorized code execution, data theft, and cryptomining, Androxgh0st has also targeted misconfigured domains owned by academic organizations, including the University of California San Diego, according to an analysis from CloudSEK. The botnet's command-and-control panel was observed hosted on UCSD's USArhythms subdomain, which is linked to the USA Basketball Men's U19 National Team. Additional findings that Androxgh0st is also using webshells and JNDI and OGNL injection techniques to maintain stealthy persistence should prompt immediate patching of affected systems and restriction of outbound network traffic. "Shifting from its earlier focus on Chinese-linked mass surveillance campaigns to a much broader exploitation strategy, we now observe the botnet aggressively incorporating a wider array of high-impact vulnerabilities," said CloudSEK researcher Koushik Pal.