Chinese Hackers Exploit Cisco Vulnerability To Deliver Malware

Uploaded on 2024-07-09 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Researchers at cybersecurity firm Sygnia have uncovered a Chinese cyber espionage campaign targeting a newly discovered command injection vulnerability in Cisco’s Cisco NX-OS software. They discovered the vulnerability and its exploitation as part of an ongoing forensic investigation of a threat group it has dubbed Velvet Ant.

The vulnerability, tracked as CVE-2024-20399, concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device.

"By exploiting this vulnerability, Velvet Ant successfully executed a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices" Sygnia said in a statement.

Cisco said the issue stems from insufficient validation of arguments that are passed to specific configuration CLI commands, which could be exploited by an adversary by including crafted input as the argument of an affected configuration CLI command.

Furthermore, it enables a user with administrator privileges to execute commands without triggering system syslog messages, thereby making it possible to conceal the execution of shell commands on hacked appliances.

Despite the code execution capabilities of the flaw, the lower severity is due to the fact that successful exploitation requires an attacker to be already in possession of administrator credentials and have access to specific configuration commands.

The following devices are impacted by CVE-2024-20399:

  • MDS 9000 Series Multilayer Switches
  • Nexus 3000 Series Switches
  • Nexus 5500 Platform Switches
  • Nexus 5600 Platform Switches
  • Nexus 6000 Series Switches
  • Nexus 7000 Series Switches, and
  • Nexus 9000 Series Switches in standalone NX-OS mode

Velvet Ant was first documented by the Israeli cyber security firm in connection with a cyber attack targeting an unnamed organisation located in East Asia for a period of about three years by establishing persistence using outdated F5 BIG-IP appliances in order to stealthily steal customer and financial information.

Despite difficulties in exploiting flaws like CVE-2024-20399, sophisticated threat actors, such as Velvet Ant, tend to target insufficiently protected network appliances for persistent access to enterprise environments.

Sygnia     |     Cisco     |     Cyber Daily   |   Security Affairs     |     Security Week   |    TheHacker News    

Image: Ideogram

You Might Also Read: 

Attacks Against Cisco Firewall Platforms:  

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Inside The Mind Of A CISO
Half Of Employees Don’t Report Security Mistakes »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

HexaTrust

HexaTrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Zighra

Zighra

Zighra is a leading provider of On-Device AI solutions for continuous authentication and fraud detection on mobile and web applications.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.

eGyanamTech (EGT)

eGyanamTech (EGT)

eGyanamTech provides robust security solutions tailored for Operational Technology (OT) and Supervisory Control and Data Acquisition (SCADA) systems used in critical infrastructure systems.