RondoDox Botnet Swells Its Arsenal — 650% Jump in Enterprise-Focused Exploits
gbhackers

The cybersecurity threat landscape shifted dramatically on October 30, 2025, when security researchers monitoring honeypot infrastructure detected a significantly evolved variant of the RondoDox botnet.
The updated malware now features 75 distinct exploitation vectors, a fundamental expansion that transforms the threat from a primarily IoT-focused botnet into a multifaceted enterprise threat capable of targeting everything from residential routers to mission-critical business infrastructure.
The discovery emerged through automated exploitation attempts originating from IP 124.198.131.83 in New Zealand, where the attack pattern revealed an unprecedented arsenal of command injection payloads delivered with operational precision.
Identified as RondoDox v2, this new iteration represents a substantial escalation from the original strain documented by FortiGuard Labs in September 2024.
All exploitation attempts directed victims toward compromised Command and Control infrastructure, with payloads attempting to download malicious shell scripts from 74.194.191.52.
What distinguished this discovery from routine ...
Copyright of this story solely belongs to gbhackers.

