TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- China becomes main victim of advanced persistent threat attacks: Ministry of State Security
September 16, 2023
According to the Ministry of State Security on Saturday which is the 23rd National Defense Education Day, China has become the main victim of advanced persistent threat (APT) attacks, adding that cyberspace has become an important battleground for foreign intelligence agencies to conduct cyber espionage against China, Xinhua Daily Telegraph reported. The national security departments of ...
- UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
September 15, 2023
UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, ...
- Cyber-attacks: the apex of crime-as-a-service (IOCTA 2023)
September 15, 2023
The Spotlight Report ‘Cyber-attacks: the apex of crime-as-a-service’, examines the developments in cyber-attacks, discussing new methodologies and threats as observed by Europol’s operational analysts. It also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting changes in geopolitics as part of their methodologies. This report is the ...
- Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
September 14, 2023
Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Based upon the profile of victim organizations targeted and the observed ...
- UK: Greater Manchester Police officers’ details hacked in cyber attack
September 14, 2023
Police officers’ personal details have been hacked after a company was targeted in a cyber attack. The firm in Stockport, which makes ID cards, holds information on various UK organisations including some of the staff employed by Greater Manchester Police (GMP). The force confirmed it was aware of the ransomware attack. The hack means thousands of ...
- China: Identity of NSA hacker behind cyberattack on China’s leading aviation university identified
September 14, 2023
During the investigation of the cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, China has successfully extracted multiple samples of the spyware named SecondDate, and with the collaborative efforts of partners in various countries, the real identity of the US’ National Security Agency (NSA) personnel responsible for launching the cyberattack on NPU ...