"this blog. Trend Micro customers can also access tailored hunting queries, threat insights, and intelligence reports to better understand and proactively defend against this campaign. In addition, Trend customers are protected from the Cisco SNMP vulnerability exploits via the sp…"
T1190 Exploit Public-Facing Application
82%
"…less components disappearing after a reboot. Newer switch models provide some protection via address space layout randomization (ASLR) which reduces the success rate of intrusion attempts; however, it should be noted that repeated attempts can still succeed. Trend Micro tele…"
T1190 Exploit Public-Facing Application
79%
"Operation Zero Disco: attackers exploit Cisco SNMP vulnerability to deploy rootkits exploits & vulnerabilities Operation Zero Disco: attackers exploit Cisco SNMP vulnerability to deploy rootkits Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerab…"
T1190 Exploit Public-Facing Application
75%
"Captures show that the exploit traffic targeted a 3750G SNMP service; unfortunately, the exploit code was not fully recovered. Figure 1 shows a malicious SNMP packet we captured in the wild that reveals part of the hacker’s command, "$(ps -a": investigation suggests that…"
T1068 Exploitation for Privilege Escalation
66%
"Captures show that the exploit traffic targeted a 3750G SNMP service; unfortunately, the exploit code was not fully recovered. Figure 1 shows a malicious SNMP packet we captured in the wild that reveals part of the hacker’s command, "$(ps -a": investigation suggests that…"
Summary
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series.