The Latest Intelligence
Researchers are raising alarm over the RondoDox botnet, which has aggressively expanded its arsenal to exploit more than 50 security flaws across 30+ vendors. This “exploit shotgun” approach targets a wide range of internet-facing devices, from routers and DVRs to CCTV systems and web servers.
Originally observed in mid-2025 via attacks against TP-Link Archer routers (CVE-2023-1389), RondoDox now spreads via a loader-as-a-service infrastructure that co-delivers Mirai and Morte payloads. Its expanded list of exploited vendors includes D-Link, Linksys, Cisco, QNAP, Apache, Zyxel, and many more.
In some campaigns, attackers also scanned for RDP services and web-access interfaces, often with overlapping toolsets and centralized command and control.
Why Organizations Should Be Concerned
- The breadth of affected vendors means many organizations unknowingly host vulnerable infrastructure.
- Compromised network devices or IoT systems can be weaponized for DDoS, proxying, or further pivot attacks.
- Legacy devices or unpatched systems may be especially at risk, serving as weak links in otherwise hardened environments.
- The malicious use of loader-as-a-service makes detection and remediation more complex, as multiple payloads may ride along.
What You Can Do Now
- Prioritize patching – update firmware and software on all routers, NVRs, cameras, and network devices to the latest recommended versions.
- Harden access controls – disable unused services, enforce strong credentials, and restrict management interfaces to trusted networks.
- Monitor for anomalous traffic – watch for scanning, unexpected outbound connections, or unexplained resource consumption.
- Segment and isolate IoT / OT devices – prevent lateral movement from compromised endpoints into core systems.
- Pen Test and Red Team IoT / network devices – simulate exploit paths to validate resilience.
- Remove legacy or unsupported devices – decommission systems that no longer receive updates or patches.
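As an added example (not code from the original brief), a small Python check that applies the monitoring and segmentation advice above to constructed flow records: it flags a host touching many distinct destinations on RDP and web management ports, and devices in an assumed IoT VLAN opening outbound connections outside an allowlist. The port set, the IoT segment and the allowlist are assumptions to be replaced with your own.

```python
"""Flag two RondoDox-style symptoms in constructed flow records:
scanning of RDP/web management ports from one source, and IoT-segment
devices opening outbound connections to destinations outside an allowlist."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow log (src dst dst_port); not taken from the original page.
SAMPLE_FLOWS = """\
10.10.5.23 10.10.7.1 3389
10.10.5.23 10.10.7.2 3389
10.10.5.23 10.10.7.3 3389
10.10.5.23 10.10.7.4 8080
10.10.5.23 10.10.7.5 443
10.10.5.23 10.10.7.6 3389
192.168.50.14 203.0.113.9 6667
192.168.50.14 192.168.50.1 53
192.168.50.15 192.168.50.1 53
10.10.5.40 10.10.7.1 443
"""

MGMT_PORTS = {22, 23, 80, 443, 3389, 8080, 8443}  # RDP and web/remote management (assumption)
IOT_SEGMENT = ip_network("192.168.50.0/24")       # assumed camera/DVR VLAN
IOT_ALLOWED = {ip_address("192.168.50.1")}        # assumed permitted upstream (local DNS/NTP)

def parse_flows(text):
    """Parse 'src dst port' lines into tuples; skip blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        flows.append((ip_address(parts[0]), ip_address(parts[1]), int(parts[2])))
    return flows

def find_scanners(flows, threshold=5):
    """Sources that touched >= threshold distinct destinations on management ports."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        if port in MGMT_PORTS:
            targets[src].add(dst)
    return sorted(str(s) for s, d in targets.items() if len(d) >= threshold)

def find_iot_egress(flows):
    """IoT-segment devices talking to anything outside the segment and the allowlist."""
    hits = set()
    for src, dst, port in flows:
        if src in IOT_SEGMENT and dst not in IOT_SEGMENT and dst not in IOT_ALLOWED:
            hits.add((str(src), str(dst), port))
    return sorted(hits)

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("possible scanners:", find_scanners(flows))
    print("unexpected IoT egress:", find_iot_egress(flows))
```

In practice feed it exported firewall or NetFlow records and tune the threshold to your environment's normal management traffic.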
About COE Security
COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to secure AI-powered systems and ensure compliance. Our offerings include:
- AI-enhanced threat detection and real-time monitoring
- Data governance aligned with GDPR, HIPAA, and PCI DSS
- Secure model validation to guard against adversarial attacks
- Customized training to embed AI security best practices
- Penetration Testing (Mobile, Web, AI, Product, IoT, Network & Cloud)
- Secure Software Development Consulting (SSDLC)
- Customized CyberSecurity Services
In light of botnet threats like RondoDox, we also provide IoT/edge device security assessments, loader-as-a-service detection strategies, network segmentation consulting, and adaptive threat modelling to protect infrastructures from mass exploitation campaigns.
Follow COE Security on LinkedIn for ongoing insights into safe, compliant AI adoption and to stay updated and cyber safe.