Cybersecurity researchers have identified a Chinese cyberespionage campaign targeting a vulnerability in Cisco’s NX-OS software. The threat group Velvet Ant was found deploying malware on Cisco Nexus switches. Sygnia, a cybersecurity firm, discovered the vulnerability and alerted Cisco, which then released updates to address it. The vulnerability allows attackers to execute arbitrary commands on the operating system with root privileges, but exploiting it requires administrator credentials. Sygnia observed the hackers successfully running commands on vulnerable hardware and deploying custom malware to connect remotely to compromised devices.
The vulnerability affects various Cisco Nexus and MDS 9000 Series switches, and Sygnia emphasizes the importance of following security best practices to mitigate such threats. Velvet Ant was previously seen attacking a large organization in late 2023 using a legacy F5 BIG-IP appliance to create an internal C&C node. The group is considered a sophisticated threat actor with robust capabilities and a methodical approach to victimizing organizations.
David Hollingworth, a technology writer with over 20 years of experience, covers cybersecurity topics and finds the subject fascinating, especially when it relates to Lego.
Article Source
https://www.cyberdaily.au/security/10774-chinese-linked-hackers-spotted-exploiting-cisco-nx-os-vulnerability