TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs
August 6, 2019
Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required. Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is ...
- Cyberattacks against industrial targets have doubled over the last 6 months
August 5, 2019
Cyberattacks designed to cause damage have doubled in the past six months and 50 percent of organizations affected are in the manufacturing sector, researchers say. On Monday, IBM’s X-Force IRIS incident response team published new research based on recent cyberattacks they have been called in to assist with, and the main trend the group is witnessing is the ...
- A cyber-espionage group has been stealing files from the Venezuelan military
August 5, 2019
A cyber-espionage group known as “Machete” has been observed stealing sensitive files from the Venezuelan military, according to an ESET report published today. The group, known to have been active since 2010, has historically gone after a wide range of targets from all over the world. However, ESET said that starting with this year, Machete has ...
- Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
August 5, 2019
We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware ...
- New Dragonblood vulnerabilities found in WiFi WPA3 standard
August 3, 2019
Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these two new bugs in ...
- Nation-State APTs Target U.S. Utilities With Dangerous Malware
August 2, 2019
Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with a newly-identified malware, which has the capabilities to view system data and reboot machines. Lure emails were sent to three U.S. utilities companies between July 19 and 25. They purported to be from a U.S.-based engineering licensing board, but actually contained ...