TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How the ransomware attack at Change Healthcare went down – a timeline
December 18, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- New Gmail Security Warning For 2.5 Billion – Second Attack Wave Incoming
December 18, 2024
As it issues a warning that a second wave of cyber threats against Gmail users is incoming from very persistent attackers, Google has detailed the specific attack methodologies involved and recommended actions that all 2.5 billion Gmail users employ to stay safe and secure. Here’s what you need to know. Although when compared to last year, ...
- Chinese national cyber centre says U.S. hacks stole trade secrets from tech firms
December 18, 2024
China’s national internet emergency response centre said on Wednesday it had found and dealt with two incidents of U.S. cyber attacks on Chinese tech firms to “steal trade secrets” since May 2023. The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) said in a statement published on its website that an advanced materials ...
- Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations
December 18, 2024
C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools. Kaspersky latest investigation unearthed new activity ...
- Dragos Industrial Ransomware Analysis Q3 2024
December 17, 2024
The third quarter (July – September) of 2024 brought transformative shifts to the ransomware landscape, emphasizing its dynamic and continuously evolving nature. The ransomware threat ecosystem remained highly active in the third quarter, fueled by new groups, rebranding of existing entities, expansion of initial access broker operations, and proliferation of illicitly traded tools. Ransomware operators increasingly ...
- Texas medical school says hackers stole sensitive health data of 1.4 million individuals
December 17, 2024
The Texas Tech University Health Sciences Center (TTUHSC) confirmed hackers accessed the personal and sensitive health data of over 1.4 million individuals during a September cyberattack. The cyberattack, which also affected TTUHSC’s El Paso campus, saw attackers steal information including Social Security numbers, financial account information, government-issued ID details, and health information — including medical records ...