Malicious hackers exploit Cisco zero-day for highest access level at communications service provider
ID: d6a69458-cf9c-5d54-a1c7-d972855662d0
STIX ID: report--d6a69458-cf9c-5d54-a1c7-d972855662d0
Feed Name: CyberScoop
Mandiant disclosed that attackers exploited previously unknown Cisco SD‑WAN zero-day vulnerabilities to infiltrate a communications service provider, escalate privileges (creating a rogue 'troot' root account), and gain broad, stealthy visibility into internal traffic; Cisco has since published patches. Mandiant noted the intruders used anti‑forensic techniques that limited impact assessment and did not attribute the activity, while highlighting the growing trend of threat actors targeting edge/network appliances.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
