July 2, 2024 at 02:08AM
Velvet Ant, a Chinese cyber espionage group, has exploited a zero-day flaw in Cisco NX-OS Software to deliver custom malware and gain control over compromised Cisco Nexus devices. This vulnerability, CVE-2024-20399, allows an attacker with administrator credentials to execute commands as root. The impacted devices include various Nexus switches. Additionally, threat actors are exploiting a critical vulnerability in D-Link Wi-Fi routers for gathering account information.
From the meeting notes:
– A China-based cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software.
– The vulnerability, tracked as CVE-2024-20399, allows an authenticated, local attacker to execute arbitrary commands as root on an affected device.
– Velvet Ant executed a previously unknown custom malware that allowed them to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices.
– The impacted devices include various Cisco Nexus switches and multilayer switches.
– Velvet Ant was previously documented targeting an organization in East Asia using outdated F5 BIG-IP appliances to steal customer and financial information.
– Threat actors are also exploiting a critical vulnerability affecting D-Link DIR-859 Wi-Fi routers (CVE-2024-0769) to gather account information.
– The D-Link DIR-859 Wi-Fi routers are End-of-Life, posing long-term exploitation risks.
If you need further assistance or more details, feel free to ask.