CSOonline

Russian cyber spy group APT28 backdoors Cisco routers via SNMP

The spy agency has been exploiting an old vulnerability that allows bad actors to gain access through simple network management protocol credentials. APT28, the hacking arm of Russia’s GRU military ...
Bleeping Computer

Hackers exploit Cisco SNMP flaw to deploy rootkit on switches

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. The security issue ...
Threat Post

Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE

Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. Cisco has patched nine serious remote code execution ...
Bleeping Computer

US, UK warn of govt hackers using custom malware on Cisco routers

The US, UK, and Cisco are warning of Russian state-sponsored APT28 hackers deploying a custom malware named 'Jaguar Tooth' on Cisco IOS routers, allowing unauthenticated access to the device. APT28, ...
IT News For Australia Business

Fancy Bear used old SNMP bug to infect routers

Since 2021, Russia’s APT28 hackers – also known as Fancy Bear and other names – have been recruiting older, unpatched Cisco routers into a malware operation. In a joint advisory, the UK National Cyber ...
Infosecurity-magazine.com

New Rootkit Campaign Exploits Cisco SNMP Flaw to Gain Persistence

A campaign that exploited a Cisco Simple Network Management Protocol vulnerability to install Linux rootkits on exposed network devices has been observed. The exploit, tracked as CVE-2025-20352 and ...