Novel Cisco NX-OS zero-day leveraged by Chinese hackers

Chinese state-backed hacking group Velvet Ant exploited a newly discovered zero-day in Cisco NX-OS software, tracked as CVE-2024-20399, to target Cisco network switches in an April cyberespionage attack, according to The Record, a news site operated by cybersecurity firm Recorded Future.

The vulnerability, reported by Sygnia researchers and since patched by Cisco, allowed threat actors who already held admin-level credentials to compromise vulnerable Cisco switches with custom malware that provided remote connections to the affected devices, file uploads, and code execution, said Sygnia Incident Response Research Manager Amnon Kushir. Kushir also noted that the attackers likely compromised the network before abusing the flaw, which he said reflects the elevated sophistication and stealth of Velvet Ant's operations.

The disclosure comes weeks after Sygnia reported that the same group maintained prolonged network persistence by compromising legacy F5 BIG-IP appliances in a separate attack campaign.
