Tuesday, March 03, 2026


Chinese Hackers Exploit Cisco Vulnerability to Deploy Malware on Network Switches



A China-linked cyber espionage group, dubbed Velvet Ant, has been exploiting a zero-day vulnerability in Cisco NX-OS Software, enabling the deployment of custom malware on network switches. The flaw, identified as CVE-2024-20399, was discovered by cybersecurity firm Sygnia and reported to Cisco, which has since issued software updates to address the issue.

With a CVSS score of 6.0, the vulnerability allows an authenticated local attacker to execute arbitrary commands as root on affected devices. Its exploitation facilitated the deployment of VELVETSHELL, custom malware that combines elements of the Unix backdoor TinyShell and the proxy tool 3proxy. The malware lets attackers execute commands, transfer files, and establish tunnels to proxy network traffic. Sygnia's investigation revealed that Velvet Ant has been operating for three years, leveraging network vulnerabilities for long-term access and data theft. The group's sophisticated approach underscores the critical need for vigilant monitoring of network appliances, which are often overlooked in cybersecurity strategies.

Cisco has urged organizations to apply the latest software patches, enhance monitoring systems, and regularly update administrator credentials. As cyber threats continue to evolve, ensuring the protection and oversight of network infrastructure, including switches, is crucial to defending against advanced persistent threats like Velvet Ant.

 
