TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Telegram Zero-Day Let Hackers To Spread Malware Hidden in Videos
July 24, 2024
Cybersecurity researchers at ESET discovered a zero-day vulnerability that targeted the Telegram for Android app and sent malicious files disguised as videos through chats. The zero-day exploit, dubbed “EvilVideo,” allowed hackers to share Android payloads via Telegram channels, groups, and chats, and make them appear to be multimedia files. This exploit targeted only Android Telegram versions ...
- Stargazers Ghost Network
July 24, 2024
Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods. Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that ...
- Ransomware attack shuts down The Superior Court of Los Angeles County
July 22, 2024
The Superior Court of Los Angeles County will be closed on Monday as they continue to recover from a ransomware attack that happened last week. Because of this, all 36 courthouse locations across LA County will be closed to start the week as work continues on the repair and reboot of network systems that were shut ...
- Cybercriminals quickly exploit CrowdStrike chaos
July 20, 2024
Who loves a global outage? Phishers, fraudsters and all manner of creeps Criminals didn’t waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious domains purporting to be fixes.… Just hours after a faulty CrowdStrike file shut down Windows machines around the globe, reports surfaced of ...
- Number of data breach victims goes up 1,000%
July 19, 2024
Nope, that headline’s not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. ...
- North Korean hackers are targeting Apple Mac devices with updated malware
July 19, 2024
North Korean state-sponsored threat actors are once again setting up fake job interviews in a bid to infect unsuspecting victims with infostealing malware – but this time around, they are focusing on Apple users. Cybersecurity researcher Patrick Wardle recently discovered a new variant of BeaverTail, a known infostealer capable of grabbing sensitive information from web browsers ...