Malicious cyber threat actors are actively exploiting Cisco Catalyst SD-WANs globally, primarily targeting systems with internet-exposed management interfaces. Upon compromise, attackers add malicious rogue peers to the network, enabling them to escalate privileges to root and maintain persistent access. A coalition of international cybersecurity agencies has released a joint Hunt Guide, and Cisco has issued software updates to mitigate the threat.