The report by CloudSEK uncovers the resurgence of the Mozi botnet in a new form called "Androxgh0st," which is actively exploiting vulnerabilities across multiple platforms, including IoT devices and web servers. Since January 2024, Androxgh0st has adopted payloads and tactics from Mozi, allowing it to target systems like Cisco ASA, Atlassian JIRA, and PHP frameworks. The botnet uses remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructure. Applying security patches immediately and monitoring regularly are advised to mitigate the risk from this complex threat, which now combines Mozi’s IoT-targeting abilities with Androxgh0st’s broader set of attack vectors.