(An Autonomous Body Recognized by Ministry of Commerce & Industry, Government of India)
Competency-based, placement-focused Education | Training | Research | Consultancy
Researchers disclosed a campaign, dubbed Operation Zero Disco, that exploited a recently patched Cisco IOS and IOS XE vulnerability to install Linux rootkits on legacy devices. The attackers weaponized CVE-2025-20352, a stack overflow in the SNMP subsystem (CVSS 7.7) that lets an authenticated remote attacker execute code by sending crafted SNMP packets. Because exploitation requires valid SNMP credentials, the exposure of community strings and the privilege they carry set the bar for an attacker. Victims included Cisco Catalyst 9400 and 9300 switches and older 3750G series switches; the intruders also attempted a modified Telnet-based memory access exploit. The rootkits granted persistent remote control by injecting hooks into the IOSd process, setting a universal "disco" password, disabling logging, altering timestamps and hiding configuration changes from operators. The operators spoofed source IP and MAC addresses and targeted older Linux-based systems without EDR coverage, which allowed stealthy deployment of largely fileless components that disappear after a reboot. A UDP controller listens for commands, toggles logging, and bypasses AAA checks. Cisco released patches last month; administrators should apply the updates, validate device configurations (restrict SNMP to trusted management hosts, prefer SNMPv3, and disable Telnet on VTY lines), inspect devices for indicators of compromise and perform forensic audits. Since the memory-resident components vanish on reboot, collect volatile evidence from a suspect device before restarting it, and treat changed credentials or configuration as persisting regardless.
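As an added example (not code from the researchers who reported the campaign or from Cisco), the following Python script checks a Cisco IOS running-config for the settings the recommendations above point at: SNMP communities with no access-list or with write access, ACLs that are referenced but never defined, VTY lines that still accept Telnet, and logging switched off. The sample configuration is constructed for illustration, and the regular expressions assume the standard `show running-config` layout for these commands. It does not detect the rootkit itself, only the exposure that makes the SNMP and Telnet vectors reachable.

```python
import re
from typing import List, Set, Tuple

Finding = Tuple[str, str]  # (severity, message)

# Constructed sample of a `show running-config` excerpt; it is not from a real device.
SAMPLE_CONFIG = """\
hostname core-sw1
!
no logging on
logging buffered 64000
!
snmp-server community public RO
snmp-server community s3cret RW 10
snmp-server community mon RO 10
snmp-server community trap RO 20
snmp-server group NETMON v3 priv
!
access-list 10 permit 192.0.2.10
!
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

# snmp-server community <string> [view <name>] RO|RW [<acl-number-or-name>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (ro|rw)(?: (\S+))?\s*$", re.IGNORECASE
)
# Numbered (`access-list 10 ...`) and named (`ip access-list standard NAME`) ACL definitions.
ACL_RE = re.compile(r"^access-list (\S+) |^ip access-list (?:standard|extended) (\S+)")
VTY_RE = re.compile(r"^line vty (\d+) (\d+)")
TRANSPORT_RE = re.compile(r"^\s+transport input (.+?)\s*$")


def defined_acls(lines: List[str]) -> Set[str]:
    """Collect the numbers/names of every ACL the config defines."""
    acls: Set[str] = set()
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            acls.add(m.group(1) or m.group(2))
    return acls


def audit_snmp(lines: List[str], acls: Set[str]) -> List[Finding]:
    """SNMP is the vector for CVE-2025-20352: flag communities reachable from any
    source or granting write access, since exploitation needs valid SNMP credentials."""
    findings: List[Finding] = []
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if acl is None:
            findings.append(("high", f"SNMP community '{name}' ({mode}) has no ACL; reachable from any source"))
        elif acl not in acls:
            findings.append(("high", f"SNMP community '{name}' references ACL '{acl}', which this config never defines"))
        if mode == "RW":
            findings.append(("medium", f"SNMP community '{name}' is read-write; move management to SNMPv3 authPriv"))
    return findings


def audit_vty(lines: List[str]) -> List[Finding]:
    """Flag VTY line ranges that accept Telnet (the campaign also used a Telnet-based exploit)."""
    findings: List[Finding] = []
    current = None
    for line in lines:
        m = VTY_RE.match(line)
        if m:
            current = f"line vty {m.group(1)} {m.group(2)}"
            continue
        if current and not line.startswith(" "):
            current = None  # an unindented line ends the `line vty` block
        t = TRANSPORT_RE.match(line)
        if current and t:
            protocols = t.group(1).lower().split()
            if "telnet" in protocols or "all" in protocols:
                findings.append(("high", f"{current} accepts Telnet ('transport input {t.group(1)}'); restrict to ssh"))
    return findings


def audit_config(config: str) -> List[Finding]:
    """Run every check over a running-config and return (severity, message) findings."""
    lines = config.splitlines()
    findings: List[Finding] = []
    if any(line.strip() == "no logging on" for line in lines):
        findings.append(("high", "logging is disabled ('no logging on'); the implant toggles logging, so this must not be the steady state"))
    findings += audit_snmp(lines, defined_acls(lines))
    findings += audit_vty(lines)
    return findings


if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

To use it on a real device, save `show running-config` output to a file and pass its contents to `audit_config` in place of the constructed sample. The findings are a triage aid only: a device that passes every check still needs the patch, and a device that fails them should be treated as exposed rather than as confirmed compromised.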
21-10-2025