Sygnia Exposes Vulnerability in Cisco’s Operating System

Israeli cybersecurity firm Sygnia has uncovered a critical vulnerability in Cisco’s NX-OS software, impacting numerous Cisco Nexus devices used by organizations worldwide. The security flaw was exploited by the Chinese hacking group Velvet Ant for espionage purposes, marking it as one of the most advanced cyber attacks to date. Sygnia’s researchers identified the vulnerability while assisting a client targeted by the hackers. The flaw enabled the attackers to gain unauthorized access to compromised Cisco Nexus devices and execute malicious code remotely.

The hackers leveraged the vulnerability to run their custom malware, granting them the ability to connect to the compromised devices, upload additional files, and execute commands on the underlying Linux operating system. This allowed them to navigate between the Cisco and Linux layers, enabling them to evade detection and launch attacks within the victim organizations. Oren Biderman, IR team leader and CTO at Sygnia, emphasized the importance of monitoring network devices like switches to detect and prevent such cyber threats.

Velvet Ant, believed to be backed by the Chinese government, targets vulnerabilities in communication equipment from various manufacturers to maintain access to corporate networks over prolonged periods. Their goal is to steal sensitive information for espionage purposes, posing a significant threat to organizations globally. Sygnia’s recent findings shed light on the sophisticated tactics employed by the hackers, highlighting the need for robust cybersecurity measures to safeguard against such attacks.

In light of these revelations, organizations are advised to enforce access controls on their switches and implement comprehensive monitoring systems to detect and respond to malicious activity effectively. Sygnia’s research underscores the critical importance of proactive cybersecurity measures to defend against evolving cyber threats and safeguard sensitive data from sophisticated adversaries like Velvet Ant.

Article Source
https://www.israeldefense.co.il/en/node/62486