Abstract:New attack methods have been observed targeting networking devices running Cisco Internetwork Operating System (IOS)® Classic platforms. Adversaries access the device with valid administrative credentials and then upload malicious code. Compromised devices are used to establish persistence and manipulate device behavior. Refer to the Cisco® Security Activity Bulletin for additional threat information. This Information Assurance Advisory includes recommendations and procedures to identify the loaded ROM image and recover with a trusted ROM image, improving assurance in the device.