216.73.216.169

Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave

· Published 12/11/2024 08:47 · Modified 12/11/2024 09:28

Export JSON

Essential information

Published
12/11/2024 08:47
Modified
12/11/2024 09:28
Tags
2024-11-12 CVE-2014-2120 CVE-2018-10561 CVE-2018-10562 CVE-2021-26086 CVE-2021-41277 CVE-2022-1040 CVE-2022-21587 CVE-2023-1389 CVE-2024-36401 CVE-2024-4577 androxgh0st botnet credential-theft iot mozi persistent access remote code execution routers vulnerability exploitation web servers
Related entities
13 vulnerabilities (cve), 10 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 malware, 4 others

Description

The , active since January 2024, has evolved to incorporate payloads, expanding its attack surface from to devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing and credential theft techniques. The targets unpatched systems, employing tactics like command injection and brute-force attacks to maintain . With over 500 infected devices globally, poses a significant threat to critical infrastructure. The integration of 's capabilities suggests a possible merger of the two botnets, potentially under the same cybercriminal group, enhancing their combined effectiveness and reach.

External references