Over 4,000 Backdoors Hijacked By Registering Expired Domains
Summary: Researchers hijacked over 4,000 abandoned web backdoors by registering expired domains, preventing malicious actors from taking control of compromised systems. This effort revealed numerous high-profile victims, including government and educational institutions across various countries.

Threat Actor: Various
Victim: Government and educational institutions

Key Points:

  • Researchers registered expired domains to take control of active backdoors.
  • Over 4,000 compromised systems were identified, including those in government and educational sectors.
  • Different types of backdoors were found, including r57shell, c99shell, and ‘China Chopper’.
  • WatchTowr Labs collaborated with The Shadowserver Foundation to manage the hijacked domains and prevent future takeovers.

Source: https://www.bleepingcomputer.com/news/security/over-4-000-backdoors-hijacked-by-registering-expired-domains/