Tuesday, September 15, 2015

FireEye Calls Out SYNful Knock - A Cisco router implant

FireEye published a technical overview of SYNful Knock, a stealthy modification of a Cisco router's firmware image that can be used to maintain persistence within a victim's network. The backdoor malware has reportedly been confirmed in a number of router implants spread across four different countries: Ukraine, the Philippines, Mexico, and India.

FireEye warned that this attack vector is potentially severe.

https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html