TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Reported cyber security breaches increase threefold for financial services firms
September 25, 2023
Cyber security breaches for UK financial services firms have increased threefold from the years of 2021-2022 and 2022-2023, with the highest – reportedly – being in the pensions sector. New research by the international law firm RPC shows that the amount of reports of cyber security breaches to the Information Commissioners Office (ICO) has increased from ...
- Hackers break into Russian database with data on hundreds of millions of flights
September 23, 2023
Ukrainian hackers have hacked into the Russian database of the Sirena-Travel booking system, obtaining information on 664 million flights over the last 16 years. They also obtained the names, phone numbers and document numbers of the passengers. News of this was posted on the Telegram channel of the hacker community KibOrg. An unknown group called Muppets, ...
- Lingerie group Wacoal hit by cyber attack
September 22, 2023
The websites for Wacoal, Fantasie, Freya and Elomi are all down and displaying an error message stating that the sites are “under maintenance”. One independent Wacoal stockist told Drapers the European arm of the Japanese business had been hit by a cyber attack on Tuesday (19 September) which has affected ordering systems, websites and phone systems. Read ...
- Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government
September 22, 2023
A cluster of threat actor activity that Unit 42 observed attacking a Southeast Asian government target could provide insight into a rarely seen, stealthy APT group known as Gelsemium. The researchers found this activity as part of an investigation into compromised environments within a Southeast Asian government. Unit 42 researchers identified the cluster as CL-STA-0046. This unique ...
- Bermuda: Governor Confirms A ‘Major Cyber-Attack’
September 22, 2023
“Bermuda’s Government IT systems were subjected to a major cyber-attack” and the UK’s National Cyber Security Centre and the National Crime Agency “have been in contact with the Bermuda authorities, and are providing advice to support them,” Governor Rena Lalgie said. The Governor said, “Yesterday Bermuda’s Government IT systems were subjected to a major cyber-attack. That ...
- Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations
September 22, 2023
During the lead up to Ukraine’s counteroffensive, Mandiant and Google’s Threat Analysis Group (TAG) have tracked an increase in the frequency and scope of APT29 phishing operations. Investigations into the group’s recent activity have identified an intensification of operations centered on foreign embassies in Ukraine. Notably, as part of this activity, Mandiant have seen phishing emails ...