Expired Domains Used to Control 4,000 Web Backdoors
/ 1 min read
🔑 Cybersecurity firm hijacks 4,000 web backdoors using expired domains. watchTowr Labs successfully took control of over 4,000 unique web backdoors by registering abandoned domains for as little as $20 each. This operation, conducted in collaboration with the Shadowserver Foundation, involved sinkholing the domains to track compromised hosts, which included government and academic institutions across several countries. The backdoors, primarily web shells, provided persistent remote access for attackers and varied in functionality, with some inadvertently leaking their deployment locations. This initiative highlights vulnerabilities in cyber defenses, as attackers often make critical mistakes, such as relying on expired infrastructure.
