TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Google Chrome extensions targeted by hackers to steal user passwords
December 30, 2024
Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part of a “wider campaign” to target other companies, too. The attack started as many others do ...
- Singapore OSV player Vallianz hit by cyber attack
December 30, 2024
Singapore OSV owner and operator Vallianz has been hit by a cyberattack that has allowed an unknown party unauthorised access to the company’s servers. Upon discovering the ransomware incident, the firm – and its parent company Rawabi Holding Company Limited – took immediate action to identify, contain, and address the incident with the help of external ...
- Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group
December 28, 2024
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan’s two airports, putting them out of action temporarily, the country’s cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy’s “Russophobes get a well deserved cyber response”. Read more… Source: MSN News Sign ...
- Record-breaking ransoms and breaches: A timeline of ransomware in 2024
December 27, 2024
It was another record-breaking year for ransomware. When file-locking malware wasn’t causing widespread disruption, like downing online services and lasting outages, ransomware was the cause of unprecedented data theft attacks affecting hundreds of millions of people, in some cases for life. While governments have struck some rare wins against ransomware hackers over the past 12 months, ...
- Data breach at IDHS compromises 1M customers
December 26, 2024
On April 25, the Illinois Department of Human Services (IDHS) experienced a privacy breach. An outside entity, through a phishing campaign, gained access to multiple employee accounts, and files associated with the accounts. The files included the Social Security numbers (SSNs) of 4,701 customers and three employees. Separately, public assistance account information (name, public assistance account ...
- Cyberattack on JAL delays some flights, disrupts operations
December 26, 2024
Japan Airlines announced on Dec. 26 that its computer network was hit by a cyberattack, which delayed some flights while the company worked to restore the system and resume normal operations. According to JAL, the cyberattack caused a heavy access load to the network equipment connecting internal and external offices from 7:24 a.m. that morning. The ...