mandiant exposed a campaign spanning eight months that used csv command injection to achieve root access on cisco sd-wan management infrastructure, operating entirely outside endpoint detection and response coverage and granting full control over the wide-area network fabric. eight months of undetected access to network management infrastructure — not an endpoint but the plane that routes all traffic — represents a qualitatively different exposure than typical enterprise breaches. attribution was not publicly stated.