Mozi Resurfaces as Androxgh0st Botnet: Unraveling The Latest Exploitation Wave
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
The Androxgh0st botnet, active since January 2024, has evolved to incorporate Mozi botnet payloads, expanding its attack surface from web servers to IoT devices. It exploits vulnerabilities in various platforms, including Cisco ASA, Atlassian JIRA, and PHP frameworks, utilizing remote code execution and credential theft techniques. The botnet targets unpatched systems, employing tactics like command injection and brute-force attacks to maintain persistent access. With over 500 infected devices globally, Androxgh0st poses a significant threat to critical infrastructure. The integration of Mozi's capabilities suggests a possible merger of the two botnets, potentially under the same cybercriminal group, enhancing their combined effectiveness and reach.
OPENCTI LABELS:
botnet, remote code execution, credential theft, cve-2022-21587, iot, cve-2024-4577, androxgh0st, vulnerability exploitation, mozi, cve-2018-10562, cve-2018-10561, routers, cve-2022-1040, cve-2024-36401, cve-2021-41277, cve-2023-1389, cve-2021-26086, cve-2014-2120, web servers, persistent access