More than 4,000 website vulnerabilities disabled thanks to expired domains

According to BleepingComputer , two experts from the cybersecurity company watchTowr, Benjamin Harris and Aliz Hammond, discovered many expired domains that were used to control unauthorized access points around the world. By re-registering the above domains, the research team took control and prevented the website vulnerabilities from being exploited again in the future.

To do this, the researchers set up a system to record requests from the malware involved. They found that the software was still running and sending requests from compromised systems, even if they were no longer actively operating. Through this, they identified a number of victims and popular access control software such as r57shell, c99shell, and China Chopper.

These unauthorized access points were installed on many servers belonging to governments, universities and large organizations around the world . The victims included systems in China, Thailand, South Korea, Nigeria and Bangladesh. Among them, some systems of government agencies and courts in China were compromised.

The software ranged in complexity from advanced hacking tools used by organized hacker groups to simpler ones, leading researchers to suspect that multiple groups were involved, with varying degrees of skill. Some source IP addresses were found to be linked to Hong Kong and China, but experts said these were likely just intermediary servers, not definitive proof of the origin of the attacks.

Some of the malware has been linked to the notorious Lazarus Group, but in this case, experts believe it may have been repurposed by other attackers.

At the time of publication, the number of vulnerabilities discovered was 4,000, but researchers warn that the actual number could be much higher as not all compromised systems have been identified. Taking control of and disabling these vulnerabilities is considered an important measure to prevent them from being exploited for malicious purposes in the future.