Chinese Velvet Ant hackers exploit new zero-day in Cisco NX-OS switches

July 4, 2024

Velvet Ant, a state-backed Chinese threat group, has been exploiting a newly disclosed zero-day vulnerability in a widely deployed line of Cisco switches, with the exploitation activity dating back several months before the flaw was made public.

Cisco and a third-party incident-response firm issued advisories earlier this week on the zero-day, now tracked as CVE-2024-20399. The vulnerability is in Cisco NX-OS, the operating system that runs on the Nexus series of data-centre switches. Cisco describes it as a command-injection flaw in the NX-OS CLI: an attacker who already holds administrator credentials can pass crafted arguments to certain configuration commands and have them executed as root on the switch's underlying Linux operating system.

The third-party researchers explained that the vulnerability was identified during a larger forensic investigation into the threat group known as Velvet Ant. The attackers used previously obtained administrator-level credentials to log in to Cisco Nexus switches, exploited the flaw to break out of the NX-OS CLI, and deployed custom malware on the switches. That malware let the China-backed hackers connect to the compromised devices remotely, upload additional files, and execute further code.

The researchers said they reported the vulnerability and the active exploitation to Cisco as soon as they found the malware using the zero-day, and their report includes a detailed description of the attack chain.

Velvet Ant's activity was uncovered, but there is no workaround for the flaw

Cisco has published software updates that fix the vulnerability Velvet Ant exploited, but there are no workarounds; patching is the only remediation. The company stated that its Product Security Incident Response Team (PSIRT) became aware of attempted exploitation in April 2024.

The issue affects any device running a vulnerable release of Cisco NX-OS. Cisco's advisory lists the MDS 9000 series multilayer switches and the Nexus 3000, 5500, 5600, 6000, 7000 and 9000 series switches (the latter in standalone NX-OS mode).

Cisco Nexus switches are common in enterprise environments, particularly in data centres, but most are not directly exposed to the internet. Network devices such as switches are typically far less protected than servers and endpoints: they rarely run endpoint detection agents, their logs are often not centrally collected, and companies frequently neglect additional precautions for them.

The researchers also assessed that Velvet Ant had most likely already breached the organisation's network before exploiting the vulnerability, which follows from the flaw itself: it requires valid administrator credentials, so the attackers had to obtain those first. This supports the assessment that Velvet Ant is an advanced persistent threat group with a sophisticated and elusive approach to compromising network devices.
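Because the flaw only helps an attacker who already holds administrator credentials, the check a defender actually wants is visibility into how those credentials are used on the switches. The script below is an added example, not code from the article or from the researchers' report: it parses entries in the style of NX-OS's `show accounting log` output (format written from memory and assumed; hosts, users and timestamps are constructed) and flags administrator logins from outside an assumed management subnet, as well as commands that reach the underlying operating system. The CVE itself injects commands through arguments to ordinary configuration commands, so the shell watchlist only covers the legitimate paths to the OS; the login-source check is the primary signal.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample in the style of NX-OS "show accounting log" output.
# The line format is assumed from memory of that command; addresses, users
# and timestamps are invented for this example.
SAMPLE_ACCOUNTING_LOG = """\
Wed Jul  3 09:12:41 2024:type=start:id=10.20.0.15@pts/0:user=netops:cmd=
Wed Jul  3 09:13:02 2024:type=update:id=10.20.0.15@pts/0:user=netops:cmd=show interface status (SUCCESS)
Wed Jul  3 23:41:17 2024:type=start:id=172.16.88.9@pts/1:user=admin:cmd=
Wed Jul  3 23:41:30 2024:type=update:id=172.16.88.9@pts/1:user=admin:cmd=configure terminal ; feature bash-shell (SUCCESS)
Wed Jul  3 23:41:45 2024:type=update:id=172.16.88.9@pts/1:user=admin:cmd=run bash (SUCCESS)
Wed Jul  3 23:42:10 2024:type=stop:id=172.16.88.9@pts/1:user=admin:cmd=
"""

# Subnet from which administrator sessions are expected (assumption for the example).
MGMT_NETS = [ip_network("10.20.0.0/24")]
# Local accounts that carry network-admin / vdc-admin rights in this example.
ADMIN_USERS = {"admin"}
# Commands that open, or enable, a path to the underlying Linux OS (assumed watchlist).
SHELL_CMDS = ("run bash", "feature bash-shell", "run guestshell")

# One accounting record: <timestamp>:type=<start|update|stop>:id=<src>@<tty>:user=<u>:cmd=<text>
LINE_RE = re.compile(
    r"^(?P<ts>.+?):type=(?P<type>\w+):id=(?P<src>[^@]+)@(?P<tty>[^:]+)"
    r":user=(?P<user>[^:]+):cmd=(?P<cmd>.*)$"
)


@dataclass
class Finding:
    user: str
    src: str
    reason: str
    cmd: str


def parse_line(line: str):
    """Return the record fields as a dict, or None if the line is not an accounting entry."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def in_mgmt_net(src: str) -> bool:
    """True if the session source is an address inside an allowed management subnet."""
    try:
        ip = ip_address(src)
    except ValueError:          # e.g. console sessions carry no IP
        return False
    return any(ip in net for net in MGMT_NETS)


def review_accounting_log(text: str) -> list[Finding]:
    """Flag admin logins from unexpected sources and commands that reach the OS."""
    findings: list[Finding] = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cmd = rec["cmd"].strip()
        is_admin = rec["user"] in ADMIN_USERS
        # Session start by an administrative account from outside the management network.
        if rec["type"] == "start" and is_admin and not in_mgmt_net(rec["src"]):
            findings.append(Finding(rec["user"], rec["src"],
                                    "admin login from outside management subnet", cmd))
        # Any command (by any user) that drops to, or enables, the underlying shell.
        if any(s in cmd for s in SHELL_CMDS):
            findings.append(Finding(rec["user"], rec["src"],
                                    "command reaches underlying OS", cmd))
    return findings


if __name__ == "__main__":
    for f in review_accounting_log(SAMPLE_ACCOUNTING_LOG):
        print(f"{f.reason}: user={f.user} src={f.src} cmd={f.cmd!r}")
```

Run against the constructed sample, the `netops` session from the management subnet produces nothing, while the `admin` session from 172.16.88.9 yields three findings: the login itself and the two commands that enable and enter the bash shell. In practice the accounting log should be exported to a central syslog/SIEM rather than read on the switch, since an attacker with root on the device can tamper with local records.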

Furthermore, the China-backed group's primary objective is espionage, with a focus on maintaining long-term access to a victim's network. That pattern indicates the hackers are collecting intelligence on behalf of their government rather than pursuing financial gain.
