China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches, Cyber Security Firm Sygnia Says

  • Earlier in 2024, Sygnia observed ‘Velvet Ant’ leveraging a zero-day exploit (CVE-2024-20399) to compromise and control on-premises Cisco Switch appliances. These types of vulnerabilities are used by threat actors to operate on compromised devices in a way that is completely hidden from the enterprise security stack.
  • As part of the ‘Velvet Ant’ multi-year intrusion, the transition to operating from internal network devices marks yet another escalation in the evasion techniques used in order to ensure the continuation of the espionage campaign.
  • The zero-day exploit allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the underlying Linux operating system. Following the exploitation, ‘Velvet Ant’ deploys tailored malware, which runs on the underlying OS and is invisible to common security tools.
  • The modus operandi of ‘Velvet Ant’ highlights risks and questions regarding third-party appliances and applications that organizations onboard. Due to the ‘black box’ nature of many appliances, each piece of hardware or software has the potential to turn into the attack surface that an adversary is able to exploit.
  • By enhancing logging, implementing continuous monitoring, and conducting systematic threat hunts on key organizational choke points, organizations can better detect and counteract advanced persistent threats such as ‘Velvet Ant’.