TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Sneaky GPU.zip technique steals sensitive information from your graphics card
December 21, 2023
Researchers from four top American universities have uncovered a new way for threat actors to sneakily access visual information from your graphics card while you’re online and browsing certain websites. The researchers call this threat “GPU.zip,” because it takes advantage of the hidden data compression methods used by modern graphics processing units (GPUs) to leak visual ...
- Why Is an Australian Footballer Collecting My Passwords?
December 20, 2023
Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In some campaigns, attackers created chatbots that they registered to someone noteworthy such as an Australian footballer. Other malware campaigns they saw included both web skimmers injected into compromised sites ...
- U.S. National Security Agency Publishes 2023 Cybersecurity Year in Review
December 19, 2023
FORT MEADE, Md.–The National Security Agency (NSA) published its 2023 Cybersecurity Year in Review today to share its recent cybersecurity successes and how it is working with partners to deliver on cybersecurity advances that enhance national security. This year’s report highlights NSA’s work with U.S government partners, foreign partners, and the Defense Industrial Base. “The combined ...
- Seedworm: Iranian Hackers Target Telecoms Organisations in North and East Africa
December 19, 2023
Iranian espionage group Seedworm (aka Muddywater) has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania. Seedworm has been active since at least 2017, and has targeted organizations in many countries, though it is most strongly associated with attacks on organizations in the Middle East. It has been publicly stated that Seedworm ...
- Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla
December 19, 2023
First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM to spread Agent Tesla to users on vulnerable versions of Microsoft Office. The CVE-2017-11882 vulnerability is ...
- #StopRansomware: ALPHV Blackcat
December 19, 2023
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as Dec. 6, 2023. This advisory provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators ...