Cisco says China-linked hackers exploiting insecure setting in security products

By Eric Geller
Publication Date: 2025-12-18 10:17:00

China-linked hackers have been using misconfigured Cisco security products to deploy backdoors on target networks for at least the past several weeks.

The hacker group, which Cisco tracks as UAT-9686, has been taking advantage of an insecure setting in Cisco’s AsyncOS software, which powers the company’s email and web security devices and virtual platforms, Cisco said in a blog post and a security advisory.

AsyncOS allows users to enable a Spam Quarantine feature and make it accessible over the internet. That configuration is not the default, but users who manually change it risk exposing their devices to intrusions.

“This attack allows the threat actors to execute arbitrary commands with root privileges…