Free, Unbiased, and Open threat intelligence

Operation Zero Disco - Cisco SNMP Rootkit Campaign

threat Profile

HIGH
BleepingComputer

Description

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit targeting Cisco switches and unprotected Linux systems. The campaign also attempted to exploit CVE-2017-3881, a seven-year-old vulnerability. The rootkit features a UDP controller with capabilities to bypass security controls, manipulate logs, and enable lateral movement.

MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation T1014 - Rootkit T1070.001 - Indicator Removal: Clear Windows Event Logs T1562.001 - Impair Defenses: Disable or Modify Tools T1557.002 - Adversary-in-the-Middle: ARP Cache Poisoning T1210 - Exploitation of Remote Services T1078 - Valid Accounts T1027 - Obfuscated Files or Information

Related Entities

Indicators of Compromise (9)

3a524bc40ca7c11b68283504f0119caeefd7589edea621d43d5d0cd973354675
transport_force_all_1.tar - Transport layer manipulation tool
81b35152768f28a479ba9f7e27d66042b0d7edcd79355481aa401f3f47a7733b
TracelogRStop_RV2_2.tar - Log manipulation component variant
e303d0c6c59b4dc55edc0212a9319702e9db7fa03185ae9177777b874c02d4c1
transport_force_all_2.tar - Transport layer manipulation tool variant
2abc874435c16aa5cfd431b0d9c26095ef4b9429bd82306f054c367e96df49b2
UDPcontrol.tar - UDP controller rootkit package
9b8a896aa2057f46e17b18bbe091d85fb816b1d3232a3178d6aba94df3a92f6a
TracelogRStop_RV2_1.tar - Log manipulation component
7cc7aed51adb426e55d82fd74c55b78f6ecbb895a315be721ef149a17f4b3a9b
tsfz-trans.zip - Rootkit component archive
235dc2d8c92661e5e2797a03bccd2653272ca1ac93401d194d7784930ca17a5a
tnsz.zip - Rootkit component archive
b08877f6f1c6c097240a6a8aa4a23243e3b14a1432170bc3fa5fa9886a2b19b4
C93K_Toolkit_GD_V1.tar - Cisco 9300 series toolkit
69d761bdde73ea8e33384cf986d7e9c2d9011f7aad8933e8af64e60a77091e11
a2p - ARP spoofing tool

Metadata

Published

7 months ago

Views

16