TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ducktail fashion week
November 10, 2023
Ducktail is a malware family that has been active since the second half of 2021 and aims to steal Facebook business accounts. Kaspersky Daily Iran, WithSecure, and GridinSoft have all covered Ducktail attacks: the infostealer spread under the guise of documents relating to well-known companies’ and brands’ projects and products. The group behind the Ducktail attacks presumably ...
- CVE-2023-5950 Rapid7 Velociraptor Reflected XSS
November 10, 2023
This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. CVSS · HIGH · 8.6/10 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Scoring scenario: GENERAL AattackVector: NETWORK AttackComplexity: LOW PrivilegesRequired: NONE Read more… Source: Rapid7
- U.S. arm of China mega-lender ICBC hit by ransomware attack
November 10, 2023
The U.S. arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the U.S. Treasury market. Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing ...
- Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
November 9, 2023
This report consists of six main sections – Incidents involving Asian APT groups in various regions of the planet Information on five unique incidents that Kaspersky researchers detected in different parts of the world. Each incident is a unique case within a specific country and industry, and they provide a description of the actions and TTPs ...
- Secretary General: Through NATO, we can build a secure cyberspace for all
November 9, 2023
The Secretary General emphasized that cyber is driving strategic competition and that authoritarian regimes, including China and Russia, are: “challenging our interests, our values and our security.” He said they are: “determined to shape the future of cyberspace in own image with little transparency and no regard for human rights.” At the Vilnius Summit this ...
- Threat Predictions for 2024: Chained AI and CaaS Operations Give Attackers More “Easy” Buttons Than Ever
November 9, 2023
With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before. By relying on the growing capabilities in their respective toolboxes, adversaries will increase the sophistication of their activities. They’ll launch more targeted and stealthier hacks ...