Who:
Entities Involved: Threat actors operating the AndroxGh0st malware, which now incorporates the Mozi botnet; the activity was identified by CloudSEK.
What:
Attack Method: AndroxGh0st exploits unpatched vulnerabilities in internet-facing applications and devices (the report names Cisco ASA, Dasan GPON routers and Oracle E-Business Suite among the affected platforms) to achieve remote code execution and steal credentials, then uses that foothold to take control of the target. By folding in Mozi, the same campaign now reaches IoT devices and cloud systems that AndroxGh0st alone did not target.
Botnet Capabilities: Mozi contributes DDoS capability and its IoT infection mechanisms; AndroxGh0st has embedded those mechanisms, so the combined operation can compromise a far wider range of IoT devices than either family could on its own.
Impact:
Security Risks: Combining AndroxGh0st with Mozi raises the threat to both IoT and cloud services: the attack surface grows, infection spreads faster across device classes, and the operators gain sustained access that can be coordinated into large-scale botnet activity. Critical infrastructure that exposes unpatched edge devices or applications to the internet is at highest risk; since every listed entry vector is a known, unpatched flaw, patch status of internet-facing systems remains the decisive control.