US University Targeted by Androxgh0st Botnet Operators for C2 Logger Hosting


CloudSEK’s TRIAD team has made the shocking discovery that the Androxgh0st botnet is a persistent and dynamic cyberthreat.

It has targeted a subdomain of the University of California, San Diego, specifically the “USArhythms” portal associated with the USA Basketball Men’s U19 National Team for the 2025 FIBA Under-19 Basketball World Cup, to host its command-and-control (C2) logger panels.

This marks a significant escalation in the botnet’s tactics, exploiting trusted academic domains to mask malicious activities.

Sophisticated Cyber Threat

Since its early operations in 2023, Androxgh0st has expanded its arsenal: it now weaponizes over 20 vulnerabilities, and its initial access vectors (IAVs) have increased by 50% since CloudSEK’s last report.

The botnet targets a range of platforms, including Apache Shiro, Spring Framework (via the critical Spring4Shell CVE-2022-22965), WordPress plugins like “Popup Maker” (CVE-2019-17574), and IoT devices such as Lantronix PremierWave (CVE-2021-21881), to execute remote ...


Copyright of this story solely belongs to gbhackers.