
New Research: RondoDox v2 Shows 650% Increase in Exploits and Expanded Targets
New research has identified a significant evolution in the RondoDox botnet, first reported by FortiGuard Labs in 2024. The upgraded version, RondoDox v2, shows a substantial increase in sophistication and scale: a 650% rise in exploitation vectors, now covering over 75 CVEs. This expansion significantly broadens the potential attack surface and makes the botnet more versatile and dangerous. RondoDox v2 also uses new Command and Control (C&C) infrastructure hosted on compromised residential IPs, a tactic that helps it evade detection and complicates mitigation efforts.

The botnet now comes in 16 distinct architecture variants, indicating a high level of adaptability and making it harder to defend against. An attacker signature, the e-mail address bang2013@atomicmail[.]io, has been identified and can aid threat attribution and tracking. Notably, the target scope has expanded from DVRs and routers to enterprise systems, a shift toward more valuable and sensitive targets.

This evolution underscores the need for continuous monitoring and updating of security measures. Organizations should prioritize regular system updates and patches for known vulnerabilities, deploy advanced threat detection systems, and monitor network traffic for unusual patterns indicative of botnet activity. Sharing threat intelligence within the cybersecurity community is also crucial for collective defense against such evolving threats. The technical implications of RondoDox v2's upgrades are profound, requiring heightened vigilance and robust defensive strategies to mitigate the increased risk posed by this botnet.