Intelligence Tag

RondoDox Botnet Infrastructure

A sophisticated botnet campaign, active across nine months, that targets heterogeneous IoT and web application infrastructure using multi-vulnerability exploitation, anti-forensics persistence, and continuous process monitoring every 45 seconds.

1 intelligence brief
  • RondoDox Botnet Exploits React2Shell CVSS 10.0 to Hijack 90,300+ IoT Devices and Web Servers

    A sophisticated botnet campaign spanning nine months has targeted IoT devices and web applications worldwide, exploiting React2Shell (CVE-2025-55182, CVSS 10.0) as its primary initial access vector since December 2025. With 68,400 vulnerable instances in the U.S. alone, RondoDox systematically enrolls victims into cryptocurrency mining and botnet relay infrastructure.

    8–12 minutes