Tags
Botnet Operator
Attribution
Incidents
Mozi Botnet Using AndroxGh0st Toolkit to Target Cloud Environments
References
https://www.cloudsek.com/blog/mozi-resurfaces-as-androxgh0st-botnet-unraveling-the-latest-exploitation-wave
Last edited
Dec 25, 2024 11:58 AM
Status
Stub
Cloud-fluent
Targeted geography
AsiaEast AsiaEastern Europe
The Mozi botnet primarily operated in China, India, and Albania, targeting Netgear, Dasan, D-Link routers, and MVPower DVR Jaws servers. In 2021, Chinese law enforcement arrested the individuals responsible for the botnet. Following the arrests, either the creators themselves, under law enforcement pressure, or the authorities directly, deployed an update that severed the Mozi botnet agents' connections to the outside world, effectively dismantling most of the botnet and leaving only a small number of active bots.