Chinese state-backed hacking group Velvet Ant targeted Cisco network switches running NX-OS software affected by a newly discovered zero-day, tracked as CVE-2024-20399, as part of a cyberespionage attack in April, according to The Record, a news site by cybersecurity firm Recorded Future. Exploitation of the vulnerability, which was reported by Sygnia researchers and has since been addressed by Cisco, enabled threat actors with admin-level credentials to compromise susceptible Cisco switches with custom malware that facilitated remote connections to impacted devices, file uploads, and code execution, said Sygnia Incident Response Research Manager Amnon Kushir. Kushir also noted that the potential network compromise preceding abuse of the security issue is indicative of the elevated sophistication and stealth of Velvet Ant's operations. The development comes weeks after Sygnia reported that the threat group had obtained prolonged network persistence through the compromise of legacy F5 BIG-IP appliances in another attack campaign.
Network Security, Threat Intelligence
Novel Cisco NX-OS zero-day leveraged by Chinese hackers
