Researchers Hijack 4,000 Web Backdoors via Expired Domains
Researchers hijacked over 4,000 web backdoors to prevent future attacks. Security researchers from WatchTowr Labs, in collaboration with The Shadowserver Foundation, registered expired domains that active web backdoors still used for communication, effectively sinkholing that infrastructure. This proactive measure thwarted potential exploitation of the backdoors, which were found on high-profile targets, including government and educational institutions in various countries. The researchers identified multiple types of malware, including r57shell and c99shell, and discovered compromised systems within the governments of China and other nations. By taking control of the domains, they ensured that malicious actors could not exploit them, which highlights the ongoing risk posed by abandoned malware operations. Shadowserver will now manage the hijacked domains to prevent future takeovers.
