- Bondnet was first introduced to the public in 2017 through an analysis report by GuardiCore.
- In 2022, a DFIR Report on the XMRig miner targeting SQL Server discussed Bondnet and its backdoor.
- Nothing further is known about the Bondnet attackers’ activities since then, but recent attacks have been confirmed.
- Based on its analysis of systems infected with the Bondnet miner, ASEC reports that the Bondnet attackers remain active.
- Since 2023, Bondnet attackers have been observed setting up a reverse RDP environment on high-performance bots and using them as C2 servers.
- The Bondnet backdoor established a reverse RDP environment on high-performance bots that meet certain conditions.
https://asec.ahnlab.com/ko/65885/