TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Uncovering .NET Malware Obfuscated by Encryption and Virtualization
March 3, 2025
This article examines obfuscation techniques used in popular malware families, and offers some insights into possible opportunities for automating unpacking of these malware samples. Palo Alto researchers will examine these behaviors in samples we have observed, showing how to extract their configuration parameters through unpacking each stage. Performing this same process through automation would allow a ...
- Mobile malware evolution in 2024
March 3, 2025
These statistics are based on detection alerts from Kaspersky products, collected from users who consented to provide statistical data to Kaspersky Security Network. The statistics for previous years may differ from earlier publications due to a data and methodology revision implemented in 2024. According to Kaspersky Security Network, in 2024: A total of 33.3 million attacks involving ...
- Philippines: 5.4M cyber attacks against government agencies deterred in 2024
March 1, 2025
The Department of Information and Communications Technology (DICT) was able to prevent over 5 million attempts to compromise the cybersecurity of several government agencies last year. “In 2024, the DICT automatically deterred approximately 5.4 million malicious attempts against 32 government agencies connected to our national security operations,” DICT Undersecretary for Cybersecurity Jeffrey Ian Dy said at ...
- The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT
February 28, 2025
In early 2024, analysts at the Positive Technologies Expert Security Center (PT ESC) discovered a malicious sample. The cybersecurity community named it Poco RAT after the POCO libraries in its C++ codebase. At the time of its discovery, the sample had not been linked to any known threat group. The malware came loaded with a full ...
- New spyware found to be snooping on thousands of Android and iOS users
February 28, 2025
Hundreds of thousands of Android users, as well as several thousand iPhone users, have had their sensitive data compromised by a spouseware app, called Spyzie. The apps were found leaking email addresses, text messages, call logs, photographs, and other sensitive data, belonging to millions of people who, without their knowledge or consent, have had these apps ...
- Cyber Attack Keeps Cleveland Municipal Court Offline
February 28, 2025
Cleveland Municipal Court will remain closed Thursday, four days after officials announced a cyber attack against the court. The court has been closed since Monday. All internal systems and software, including the court’s website, have been shut down and will remain offline as authorities work to figure out what happened and the best time to restore ...