Chinese hackers known as the ‘Silk Ants’ captured exploiting a new zero-day vulnerability in Cisco devices

A recently disclosed zero-day vulnerability in Cisco devices was exploited by Chinese state-sponsored hackers in April, according to advisories from Cisco and Sygnia. The vulnerability, tracked as CVE-2024-20399, affects the Cisco NX-OS software that runs on Nexus series network switches. The hackers, known as the Velvet Ant group, gained access to Cisco Nexus switches after collecting administrator-level credentials. They then deployed custom malware to connect remotely to the compromised devices, upload additional files, and execute malicious code. Sygnia promptly informed Cisco of the vulnerability and provided details about the attack.

Cisco has since released software updates to address the vulnerability, but there are no workarounds available. The company’s Product Security Incident Response Team was made aware of the attempted exploit in April. The vulnerability impacts various Cisco products running a susceptible version of the NX-OS software. Although Cisco Nexus switches are commonly used in enterprise environments like data centers, they are typically not directly exposed to the Internet. Unfortunately, network devices like switches often lack sufficient protection, and organizations frequently neglect additional security measures.

According to Amnon Kushnir of Sygnia, the Velvet Ant hackers had likely already infiltrated the network before exploiting the vulnerability, which shows their advanced ability to access network devices undetected. The group's main focus is espionage, and it aims to establish long-term access to victim networks. Sygnia previously reported on another Velvet Ant campaign in June, in which the hackers maintained multiple footholds within a company's network for three years, using outdated F5 BIG-IP equipment to access sensitive data such as financial and customer information.

This incident highlights the ongoing threat posed by sophisticated state-backed hackers targeting vulnerabilities in networking equipment to conduct espionage and gain unauthorized access to sensitive information. Organizations are urged to promptly apply software updates and implement robust security measures to safeguard their networks against such attacks. The collaboration between cybersecurity firms like Sygnia and technology companies like Cisco plays a crucial role in identifying and mitigating these threats to enhance cybersecurity across various industries.

Article Source
https://therecord.media/cisco-velvet-ant-hackers-china