TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns
December 8, 2023
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau ...
- INTERPOL operation reveals further insights into ‘globalization’ of cyber scam centres
December 8, 2023
LYON, France – The first INTERPOL operation specifically targeting the phenomenon of human trafficking-fuelled fraud has revealed further evidence that the crime trend is expanding beyond Southeast Asia. Following five months of investigative coordination, law enforcement from participating countries carried out more than 270,000 inspections and police checks at 450 human trafficking and migrant smuggling hotspots ...
- You versus adversaries: How to become unbeatable in 20 cybersecurity moves
December 8, 2023
In today’s landscape, every business is inherently based on technology, increasing its susceptibility to significant and frequent threats that can hinder operations, success, and sustainability. At times, it can cause damage that is hard to bounce back from. Securing your organization, therefore, requires a deliberate, proactive, and holistic approach — you must keep constant tabs on ...
- MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF
December 7, 2023
FortiGuard Labs recently identified an email phishing campaign using deceptive booking information to entice victims into clicking on a malicious PDF file. The PDF downloads a .NET executable file created with PowerGUI and then runs a PowerShell script to fetch the final malware, known as MrAnon Stealer. This malware is a Python-based information stealer compressed with ...
- Nissan probing possible cyberattack and data breach
December 7, 2023
Japanese car manufacturing giant Nissan is investigating a possible data breach, and is warning customers to be wary of potential scam emails and messages delivering malware. In a brief notification published on the Nissan Oceania websites, it was said that the Australian and New Zealand Corporation and Financial Services suffered a “cyber incident”. This division handles distribution, ...
- Android phones can be taken over remotely – update when you can
December 7, 2023
Takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.” The most severe of these flaws is a vulnerability in the System component that could lead ...