The author shares their adventures in mass-hacking-on-autopilot: using abandoned and expired infrastructure to hijack backdoors and gain access to compromised systems with minimal effort. They detail how web shells are themselves backdoored and vulnerable, which lets hackers exploit other hackers. The author observes suspicious activity resembling Lazarus Group’s tooling, possibly used by other attackers. By collecting web shells and registering expired domains, they log incoming requests without engaging in illegal activity against the systems. Despite the large amount of data involved, the author highlights interesting findings that showcase the vulnerabilities present in these systems.
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/