TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- A first analysis of the i-Soon data leak
February 21, 2024
Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun) is believed to be a private contractor that ...
- re: Zyxel VPN Series Pre-auth Remote Command Execution
February 21, 2024
On January 25, 2024, SSD Secure Disclosure posted a disclosure titled Zyxel VPN Series Pre-auth Remote Command Execution. The writeup describes an unauthenticated remote command injection vulnerability affecting Zyxel VPN firewalls. That caught VulnCheck researchers attention. The Zyxel VPN series has appeared on the CISA KEV four times now, and the original disclosure didn’t mention a ...
- Australia: OAIC to investigate legal consultant’s data breach
February 21, 2024
The Australian Information Commissioner has launched an investigation into a law firm that provides legal and consulting services to the government, in relation to a data breach and the publication of some of that data on the dark web. At least 65 government entities were affected by the breach last year. The announcement on Wednesday follows ...
- Europol: Tips & advice to prevent ransomware from infecting your electronic devices
February 21, 2024
Ransomware is a type of malware that locks your computer and mobile devices or encrypts your electronic files, demanding a ransom payment through certain online payment methods (and by an established deadline) in order to regain control of your data. It can be downloaded through fake application updates or by visiting compromised websites. It can also ...
- Sharp rise in cyber attacks at UK law firms as hackers eye sensitive data
February 21, 2024
The number of reported cyber attacks on UK law firms has increased 36 per cent over the past year. According to data by speciality reinsurance group Chaucer, there were 166 reported cyber breaches in 2021/22, this number jumped to 226 for 2022/23 (as of 30 September). Chaucer says that the large number of attacks against law ...
- Vibrator virus steals your personal information
February 21, 2024
I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case. It actually happened. A Malwarebytes Premium customer started a thread on Reddit saying we had blocked malware from trying to infect their computer after they connected a vibrator to a USB port ...