Monday, September 23, 2024

Chinese hackers are using a zero-day exploit in Cisco switches to distribute malware


In the world of cyber espionage, a new player has emerged – Velvet Ant, a China-linked group that has been caught exploiting a zero-day flaw in Cisco NX-OS Software. This vulnerability, identified as CVE-2024-20399, allows attackers to execute commands as root on affected devices, paving the way for the delivery of custom malware.

According to cybersecurity firm Sygnia, Velvet Ant used this vulnerability to remotely connect to compromised Cisco Nexus devices, upload files, and run code undetected. Cisco has acknowledged the issue, attributing it to insufficient validation of input arguments in specific configuration CLI commands.

What makes this vulnerability particularly concerning is that it lets a user with administrator credentials execute commands without raising system alerts, essentially flying under the radar. While the flaw requires administrator credentials for successful exploitation, it impacts a range of Cisco devices, including the Nexus series switches.

Velvet Ant’s activities were first brought to light by an Israeli cybersecurity firm, which uncovered a long-term cyber attack targeting an organization in East Asia. The group exploited vulnerabilities in outdated F5 BIG-IP appliances to stealthily collect sensitive information over a three-year period.

As if that wasn’t enough, threat actors are also taking advantage of a critical vulnerability in D-Link DIR-859 Wi-Fi routers to gather user account information. This flaw, known as CVE-2024-0769, poses a significant risk as the product is End-of-Life and will not receive patches.

With cyber threats on the rise, it’s clear that vigilance and proactive security measures are more important than ever.
