According to BleepingComputer , two experts from the cybersecurity company watchTowr, Benjamin Harris and Aliz Hammond, discovered many expired domains that were used to control unauthorized access points around the world. By re-registering the above domains, the research team took control and prevented the website vulnerabilities from being exploited again in the future.
One of the expired website domains that was once used as a tool for hackers has now been re-registered and its security vulnerabilities have been disabled.
To do this, the researchers set up a system to record requests from the malware involved. They found that the software was still running and sending requests from compromised systems, even if they were no longer actively operated. Through this, they identified a number of victims and popular hijackers such as r57shell, c99shell, and China Chopper.
These unauthorized access points were installed on many servers belonging to governments, universities and large organizations around the world . The victims included systems in China, Thailand, South Korea, Nigeria and Bangladesh. Among them, some systems of government agencies and courts in China were compromised.
The software ranges in complexity from advanced hacking tools used by organized hacker groups to simpler ones, leading researchers to suspect that multiple groups are involved, with varying levels of expertise. Some source IP addresses have been traced to Hong Kong and China, but experts say these may be just intermediary servers, not definitive proof of the origin of the attacks.
Some of the compromised software has been linked to the notorious Lazarus Group, but in this case, experts say it may have been repurposed by other attackers.
At the time of publication, the number of vulnerabilities discovered was 4,000, but researchers warn that the actual number could be much higher as not all compromised systems have been identified. Taking control of and disabling these vulnerabilities is considered an important measure to prevent them from being exploited for malicious purposes in the future.
Source: https://thanhnien.vn/hon-4000-lo-hong-website-bi-vo-hieu-nho-ten-mien-het-han-185250110144809547.htm
![[Photo] Prime Minister Pham Minh Chinh chaired a meeting to evaluate the operation of the two-level local government model.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/29/1761751710674_dsc-7999-jpg.webp)
![[Photo] Human love in the flood in Hue](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/29/1761740905727_4125427122470875256-2-jpg.webp)
![[Photo] Hue: Inside the kitchen that donates thousands of meals a day to people in flooded areas](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/10/29/1761738508516_bepcomhue-jpg.webp)
![[Live] Concert Ha Long 2025: "Heritage Spirit - Brightening the Future"](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/10/29/1761743605124_g-anh-sang-am-thanh-hoanh-trang-cua-chuong-trinh-mang-den-trai-nghiem-dang-nho-cho-du-khach-22450328-17617424836781829598445-93-0-733-1024-crop-1761742492749383512980.jpeg)
Comment (0)