The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process. Rather than as a beachhead into the network for a full-blown ransomware attack.
If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.
The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process. Rather than as a beachhead into the network for a full-blown ransomware attack.
If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.