Censys

@censys@infosec.exchange
Censys’ mission is to be the one place to understand everything on the internet. Frustrated by the lack of trustworthy Internet intelligence, we set out to create the industry's most comprehensive, accurate, and up-to-date map of the Internet. Today, Censys delivers real-time Internet intelligence and actionable threat insights to global governments, over 50% of the Fortune 500, and leading threat intelligence providers worldwide. Learn more at Censys.com.
Website: https://censys.com/
Censys Platform: https://platform.censys.io

🔍 We looked at the C2 server associated with the Flodrix botnet and used an internet-exposed RPC service to uncover a world-readable NFS mount and 745 compromised hosts!

👀 https://censys.com/blog/poking-the-flodrix-botnet

#botnet #infosec

Poking at the Flodrix Botnet

Around 12PM UTC on June 18, scan error rates in Iran surged to nearly 100%, indicating a sudden, nationwide outage affecting almost all services. Systems that were previously reachable are now timing out or rejecting connections.

We used the new Censys Threat Hunting Module to investigate a Colombian threat actor, uncovering a series of remote access trojan (RAT) C2 servers.

We also show how to use this information to create a set of IOCs for defensive measures:

https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign

A defining moment for Censys - We are excited to announce that the Threat Hunting Module in the new Censys Platform is now #ga

https://www.censys.com/blog/internet-scale-proactive-threat-hunting-and-detection

In October 2024, Censys researchers discovered ~400 U.S. water facility web-based HMIs exposed online. Within a month of sharing data with the EPA and the vendor, 58% of systems were protected. Read more here:

https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis

#ics #security #water

Turning Off the (Information) Flow: Working With the EPA to Secure Hundreds of Exposed Water HMIs


Thousands of compromised ASUS routers are being co-opted into a volatile but persistent botnet. Our latest blog takes IoCs from @greynoise and breaks down how the AyySSHush campaign has evolved over the past 5 months — and what makes it stand out:

https://censys.com/blog/tracking-ayysshush-a-newly-discovered-asus-router-botnet-campaign

#botnet #asus #infosec #security

Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign


Trend Micro recently uncovered a campaign leveraging TikTok to distribute malware via AI-generated videos, tricking users into installing Vidar and StealC infostealers instead of the promised pirated software.

Using IOCs provided by Trend Micro, we used Censys to find more related infrastructure, including a relatively new bulletproof service provider. Read our analysis here:

https://censys.com/blog/tiktok-and-malware

#infosec #security #malware #tiktok

TikTok and Malware

🚩 May 7 Advisory: Unauthenticated Code Injection Vulnerability in Langflow [CVE-2025-3248] https://censys.com/advisory/cve-2025-3248
Unauth RCE Vulnerability in Langflow [CVE-2025-3248]

CVE-2025-3248 is an RCE vulnerability in Langflow < 1.3.0 and does not require authentication. Read more to query for exposed assets and vulnerable stats.

If you think Salt Typhoon has moved on—you might want to double-check your attack surface. We’re still seeing critical telecom infrastructure exposed to active targeting. Find out what we uncovered (and what you should be looking for) https://censys.com/blog/salt-typhoon-attacks-highlight-need-for-advanced-defenses
Salt Typhoon Attacks Highlight Need for Advanced Defenses

The Salt Typhoon attacks on critical infrastructure show the need for better threat hunting.

May 6 Advisory: Critical RCE Vulnerability Identified in Craft CMS [CVE-2025-32432] https://censys.com/advisory/cve-2025-32432
Critical RCE Vulnerability in Craft CMS [CVE-2025-32432]

CVE-2025-32432 enables RCE in Craft CMS when attackers have acquired an Asset ID for an image or file on the server. Read about how to query for exposed devices.
