Cybercriminals are expanding the RondoDox botnet operation by exploiting over 50 vulnerabilities in various network devices and integrating Mirai/Morte payloads via loader-as-a-service infrastructure. This evolution indicates a broader and more sophisticated threat targeting IoT, routers, and servers globally, with significant implications for internet-exposed infrastructure.
Key points
- The RondoDox botnet is expanding its attack surface by targeting more than 50 vulnerabilities across numerous vendors and devices.
- Recent campaigns involved exploiting CVE-2023-1389 in TP-Link Archer routers, among other security flaws.
- RondoDox now uses loader-as-a-service infrastructure to co-package payloads like Mirai and Morte, making detection more challenging.
- New exploits include vulnerabilities in devices from vendors such as D-Link, Linksys, NETGEAR, and Zyxel, among others.
- The activity indicates a shift towards multi-vector loader operations, increasing the scale and sophistication of automated network exploitation.
Read More: https://thehackernews.com/2025/10/researchers-warn-rondodox-botnet-is.html