| Category | Details |
|---|---|
| Threat Actors | Androxgh0st botnet, leveraging Mozi botnet payloads. |
| Campaign Overview | Exploitation of decade-old CVE-2014-2120 in Cisco ASA, alongside Atlassian JIRA and Sophos Firewall vulnerabilities. |
| Target Regions (Or Victims) | Organizations using Cisco ASA, Atlassian JIRA, Sophos Firewall, Oracle EBS, and PHP frameworks globally. |
| Methodology | Exploits CVE-2014-2120 for Cross-Site Scripting (XSS) and other vulnerabilities for RCE, persistence, and malware delivery. |
| Product Targeted | Cisco Adaptive Security Appliance (ASA), Atlassian JIRA, Sophos Firewall, PHP frameworks, Oracle EBS. |
| Malware Reference | Androxgh0st botnet, leveraging Mozi botnet. |
| Tools Used | Botnet payloads and appending methods for malware persistence. |
| Vulnerabilities Exploited | CVE-2014-2120 (Cisco ASA), CVE-2021-26086 (Atlassian JIRA), CVE-2021-41277 (Metabase GeoJSON API). |
| TTPs | Exploits XSS and RCE vulnerabilities; uses malware for persistence and lateral movement. |
| Attribution | Androxgh0st botnet operations observed since January 2024, incorporating IoT-focused tactics. |
| Recommendations | Apply updates for affected systems (e.g., Cisco ASA, Atlassian JIRA), monitor attack surfaces, and leverage threat intelligence tools like SOCRadar. |
| Source | SOCRadar |
Read full article: https://socradar.io/cisco-asa-cve-2014-2120-fuels-androxgh0st-botnet/
Disclaimer: The above summary has been generated by an AI language model