Hackers deploy Linux rootkits via Cisco SNMP flaw in ‘Zero Disco’ attack


October 16, 2025Ravi LakshmananVulnerabilities / Linux

Cybersecurity researchers have revealed details of a new campaign that exploits recently disclosed security flaws affecting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected systems.

The activity, codenamed “Operation Zero Disco” by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusion has not been attributed to any known threat actor or group.

The flaw was fixed by Cisco late last month, but not before it was exploited as a zero-day attack in the wild.
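Because the flaw needs an authenticated SNMP request, the first defender-side question is which community strings a device accepts and from where. The following added example (not code from the article or from Trend Micro) audits a constructed Cisco IOS running-config excerpt for weak SNMP exposure; the regexes, the sample config and the finding texts are my own assumptions.

```python
import re

# Constructed Cisco IOS running-config excerpt used as sample input (not from the article).
SAMPLE_CONFIG = """\
hostname core-sw01
access-list 10 permit 10.0.0.5
access-list 10 deny any
snmp-server community public RO
snmp-server community s3cr3tRW RW
snmp-server community m0nit0r RO 10
snmp-server community ro-legacy RO 20
"""

# snmp-server community <string> [view <v>] RO|RW [ipv6 <nacl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: ipv6 \S+)?(?: (\S+))?$", re.I)
# Numbered ACL entries and named ACL headers, so referenced ACLs can be checked for existence.
ACL_RE = re.compile(r"^(?:access-list (\S+) |ip access-list (?:standard|extended) (\S+))", re.I)
DEFAULT_COMMUNITIES = {"public", "private", "cisco"}

def audit_snmp(config: str) -> list[tuple[int, str]]:
    """Return (line_number, issue) pairs; line 0 marks a device-wide finding."""
    lines = [line.strip() for line in config.splitlines()]
    defined_acls = set()
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            defined_acls.add(m.group(1) or m.group(2))
    has_v3_priv = any(re.match(r"^snmp-server group \S+ v3 priv", l, re.I) for l in lines)
    findings = []
    for n, line in enumerate(lines, 1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        community, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((n, f"default/guessable community '{community}'"))
        if acl is None:
            findings.append((n, f"community '{community}' reachable from any source (no ACL)"))
        elif acl not in defined_acls:  # an undefined ACL permits everything on IOS
            findings.append((n, f"community '{community}' references undefined ACL '{acl}'"))
        if mode == "RW":
            findings.append((n, f"community '{community}' is read-write"))
    if not has_v3_priv:
        findings.append((0, "no SNMPv3 priv group; v1/v2c community strings are the only access path"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {issue}")
```

Since the article notes the attackers used spoofed IP addresses, a source ACL narrows the exposure but does not substitute for applying Cisco's fix.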

“This operation primarily affected Cisco 9400, 9300, and legacy 3750G series devices. There was also an attempt to exploit a modified Telnet vulnerability (based on CVE-2017-3881) to gain memory access,” researchers Dove Chiu and Lucien Chuang said.

The cybersecurity firm also noted that the rootkit allowed attackers to remotely execute code and gain persistent unauthorized access by setting a universal password and installing hooks in the memory space of the Cisco IOS daemon (IOSd). IOSd runs as a software process on top of the Linux kernel.

Another notable aspect of this attack was that it targeted victims running older Linux systems without endpoint detection and response solutions enabled, allowing the attackers to fly under the radar and deploy the rootkit. Additionally, the attackers allegedly used spoofed IP and MAC addresses for the breach.

In addition to CVE-2025-20352, attackers have also been observed attempting to exploit a Telnet vulnerability that is a modified version of CVE-2017-3881 to allow memory reads and writes at arbitrary addresses. However, the exact purpose of this capability remains unknown.

The name “Zero Disco” comes from the fact that the embedded rootkit sets a universal password containing the word “disco”, which is “Cisco” with one letter changed.

“The malware then installs several hooks on IOSd, which results in the fileless component disappearing after a reboot,” the researchers note. “The new switch model provides some protection through Address Space Layout Randomization (ASLR), which reduces the success rate of intrusion attempts. However, be aware that repeated attempts may still be successful.”
