TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Excel File Deploys Cobalt Strike at Ukraine
June 3, 2024
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. The attacker uses a multi-stage malware strategy to deliver the notorious “Cobalt Strike” payload and establish communication with a command and control (C2) server. This attack employs various evasion techniques to ensure successful ...
- UK: The Princess of Wales’s hospital data breach not referred to police due to suspected ‘decoy’ plan
June 3, 2024
The Princess of Wales’s hospital data breach has not been referred to police as an expert explains that a “decoy” plan could have been in use – meaning her actual medical files were not accessed by the perpetrators. Despite Health Minister Maria Caulfield revealing back in March that the police had been asked to look into ...
- Inside The Box: Malware’s New Playground
June 3, 2024
Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). Even though BoxedApp has been commercially available for a while, ...
- Ticketmaster confirms customer data breach
June 1, 2024
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation. ...
- Santander data breach: 30m account and credit card details up for sale on dark web
June 1, 2024
According to reports, Santander customer and staff data has been put up for sale on the dark web. The details relate to the data leak reported earlier in May. Data leaked included HR details for staff, 30m customers’ bank account details, and 28m credit card numbers. The bank, which is the eurozone’s second-largest lender, has around ...
- BBC cyber attack exposes details of 25,000 current and former staff
May 30, 2024
The personal data of more than 25,000 former and current BBC employees has been exposed in a major cyber attack targeting the broadcaster’s pension scheme. Information including names, addresses and National Insurance numbers was compromised after files containing personal details were stolen from a cloud data storage service earlier this month. It is not yet known who ...