GEN:SID 1:1775
Message MYSQL root login attempt
Summary This event is generated when the user "root" logs in to a MySQL database from an external source.
Impact Serious. An attacker may have gained superuser access to the system.
Detailed Information This event is generated when someone using the name "root" logs in to a MySQL database.

The 'root' user may have access to all databases on the system, with full privileges to add users, delete data, add information, etc.

This connection can either be a legitimate telnet connection or the result of spawning a remote shell as a consequence of a successful network exploit.
Affected Systems  
Attack Scenarios Simple. The user logs in with the username 'root', full access is then granted to that user for all databases served by the MySQL daemon. The attacker may then continue to gain sensitive information from any database in the system.
Ease of Attack Simple. This may be post-attack behavior and can be indicative of the successful exploitation of a vulnerable system.
Corrective Action Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise

Look for other events generated by the same IP addresses.
Additional References