Chinese state-backed hacking group Velvet Ant targeted Cisco network switches running NX-OS software affected by the newly discovered zero-day vulnerability, tracked as CVE-2024-20399, in April as part of a cyber espionage attack, according to The Record, a news site from cybersecurity firm Recorded Future.

Exploitation of the vulnerability, which was reported by Sygnia researchers and has since been patched by Cisco, enabled threat actors with admin-level credentials to compromise vulnerable Cisco switches with custom malware that facilitated remote connections to infected devices, file uploads, and code execution, said Sygnia Incident Response Research Manager Amnon Kushnir. Kushnir also noted that the possible compromise of the network prior to exploitation of the security issue indicates the high sophistication and stealth of Velvet Ant’s operations.

Such developments come just weeks after the threat group was reported by Sygnia to have gained extended network persistence through the compromise of legacy F5 BIG-IP appliances in another intrusion campaign.
