TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 23andMe blames “negligent” breach victims, says it’s their own fault
January 4, 2024
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...
- Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices
January 3, 2024
On December 5th, 2023, FortiGuard’s AI-driven OSS malware detection system identified three intriguing PyPI (Python Package Index) packages. These packages, upon initial use, deploy a CoinMiner executable on Linux devices. Leveraging our historical malware database, Fortinet researchers noted that the indicators of compromise (IoCs) for these packages bear a resemblance to the “culturestreak” PyPI package discovered ...
- Orange suffers cyber attack affecting clients’ internet access in Spain
January 3, 2024
The Spanish unit of telecoms provider Orange on Wednesday suffered a cyber attack that affected an undisclosed number of clients who could not access certain websites, a company spokesperson said. The unauthorized access to Orange’s IP network coordination centre has been mostly solved and was neutralized by Orange, the second largest telecoms provider in Spain, the ...
- ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks
January 2, 2024
Hospitals and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged. Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’s network. Read more… Source: MSN News
- Cyber-hackers target UK nuclear waste company RWM
December 31, 2023
Hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said. Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn. RWM is the government-owned entity behind a trio of ...
- Mint Mobile reveals another major data breach
December 29, 2023
American mobile virtual network operator (MVNO) Mint Mobile has confirmed suffering a data breach affecting an unknown number of its customers. The company revealed the news in an email sent to its customers, in which it explained “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained ...