The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection
March 27, 2025
SonicWall Capture Labs threat research team became aware of the threat CVE-2023-22621, assessed its impact and developed mitigation measures for this vulnerability. CVE-2023-22621 is a high-severity vulnerability affecting Strapi versions 3.0.0 through 4.5.5. The flaw permits authenticated Server-Side Template Injection (SSTI), allowing a remote attacker with access to the Strapi admin panel to bypass validation checks ...
- Ukraine state railway says online services partially restored after cyber attack
March 27, 2025
Ukraine’s state-owned railway Ukrzaliznytsia, the country’s largest carrier, has partially restored online services after a large-scale cyber attack hit passenger and freight transport systems, the company said on Thursday. An outage was first reported on Sunday when the rail company notified passengers about a failure in its IT system and told them to buy tickets on ...
- UK MoD probes security breach after documents relating to Catterick Garrison found dumped in street
March 26, 2025
The Ministry of Defence is investigating after a cache of documents containing sensitive military information was found discarded in the street. The papers, some marked “official – sensitive”, were discovered spilling out of a black bin bag in the Scotswood area of Newcastle on March 16 . The BBC reported that they include details about soldiers’ ...
- UK supermarket Morrisons’ sales growth slows after cyber attack
March 26, 2025
British supermarket group Morrisons’ sales growth slowed in its first quarter, reflecting a previously flagged cyber attack at its technology provider which disrupted its operations. The UK’s fifth largest grocer, which has been owned by U.S. private equity firm Clayton, Dubilier & Rice since 2021, said on Wednesday its like-for-like sales rose 2.1% in its quarter ...
- Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
March 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious ...
- KLIA operations not affected after Malaysian airport hit by cyber attack
March 25, 2025
Operations at the Kuala Lumpur International Airport (KLIA) were not affected by a cyber attack by hackers who demanded US$10 million (S$13.4 million). In a joint statement on March 25, the National Cyber Security Agency (Nacsa) and Malaysia Airports Holdings Berhad (MAHB) said they detected a cyber-security threat affecting certain computer systems at KLIA on March ...