**Confidential Threat Intelligence Report**

**Report ID:** TI-2024-007
**Date:** October 26, 2023
**Classification:** RESTRICTED
**Prepared by:** Global Threat Intelligence Unit

---

### **Executive Summary**

This report details an emerging multi-vector threat landscape involving the **RondoDox botnet**, which exploits a critical vulnerability in HPE OneView, alongside auxiliary threats such as **search engine spoofing campaigns** and the **Morris II AI worm**. These threats collectively represent a sophisticated, layered approach to cyber intrusion, data theft, and ecosystem compromise. The RondoDox botnet, in particular, highlights the risks associated with unpatched enterprise infrastructure, while Morris II underscores the evolving dangers in artificial intelligence (AI) environments. This analysis assesses the tactics, techniques, and procedures (TTPs) of these threats and provides actionable recommendations for mitigation.

---

### **1. Threat Overview: RondoDox Botnet Exploiting HPE OneView**

**Source:** *The Register* – “RondoDox botnet exploits critical HPE OneView bug”

#### **1.1 Vulnerability Details**

- **CVE:** CVE-2023-XXXXX (exact CVE pending disclosure).
- **Affected Product:** HPE OneView, a data center management platform used for infrastructure automation and monitoring.
- **Nature of Flaw:** A critical remote code execution (RCE) vulnerability allowing unauthenticated attackers to execute arbitrary code on vulnerable instances.
- **Exploitation in the Wild:** Actively exploited by the RondoDox botnet since early October