IoT Botnet Campaigns
Large-scale coordinated attacks on Internet of Things devices and web servers for cryptocurrency mining, DDoS relay infrastructure, reconnaissance payload deployment, and lateral movement.
-
RondoDox Botnet Exploits React2Shell CVSS 10.0 to Hijack 90,300+ IoT Devices and Web Servers
A sophisticated botnet campaign spanning nine months has targeted IoT devices and web applications worldwide, exploiting React2Shell CVE-2025-55182 (CVSS 10.0) as its primary initial access vector since December 2025. With 68,400 vulnerable instances in the U.S. alone, RondoDox systematically enrolls victims into cryptocurrency mining and botnet relay infrastructure.