From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

· Published 10/10/2025 02:11 · Modified 10/10/2025 09:07

Essential information

Tags
2025-10-10 CVE-2023-1389 CVE-2024-12856 CVE-2024-3721 pwn2own rondodox
Related entities
71 observables, 1 intrusion set (APT), 15 techniques (MITRE ATT&CK), 3 malware

Description

A large-scale botnet campaign has been identified that exploits over 50 vulnerabilities across more than 30 vendors. The campaign targets internet-exposed infrastructure, including routers, DVRs, NVRs, CCTV systems, and web servers. It began by exploiting a vulnerability first demonstrated at Pwn2Own Toronto 2022 and has since expanded its arsenal. The campaign uses an "exploit shotgun" approach, firing many exploits at a target at once rather than fingerprinting it first, so any one unpatched flaw is enough for compromise. Organizations are at risk of data exfiltration, persistent network compromise, and operational disruption. Prioritizing patching, conducting regular vulnerability assessments, segmenting networks, and continuous monitoring are recommended as proactive security measures.

External references