TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US prescription market hamstrung for 9 days (so far) by ransomware attack
March 1, 2024
Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment processor, pharmacies, health care providers, and patients were still scrambling to fill prescriptions for medicines, many of which are lifesaving. On Thursday, UnitedHealth Group accused a notorious ransomware gang known both as AlphV and Black Cat of hacking its subsidiary, Optum. ...
- Here Come the AI Worms
March 1, 2024
In a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers have created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or ...
- Malicious meeting invite fix targets Mac users
March 1, 2024
Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine. Cybersecurity expert Brian Krebs investigated and flagged the issue. Scammers, impersonating ...
- Hackers stole ‘sensitive’ data from Taiwan telecom giant
March 1, 2024
Hackers stole “sensitive information” including military and government documents from Taiwan’s largest telecom company and sold it on the dark web, the island’s ministry of national defence has said. The confirmation of the democratic island’s latest major data leak followed a report by local news channel TVBS on the hack of telecom giant Chunghwa Telecom. Read more… Source: ...
- #StopRansomware: Phobos Ransomware
February 29, 2024
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service ...
- Golden Corral Corporation Provides Notice of Data Privacy Event
February 29, 2024
Golden Corral Corporation is notifying certain individuals of a recent incident that may impact the privacy of past and present employees, dependents, and beneficiary personal information. Golden Corral is unaware of any misuse of the information and is providing notice to potentially affected individuals out of an abundance of caution. On or about August 15, 2023, ...