In April 2024, the China-linked APT group Velvet Ant exploited zero-day vulnerability CVE-2024-20399 in Cisco switches to deploy custom malware, gaining control over the network devices. Attackers with valid administrator credentials executed commands as root, bypassing security measures and installing the 'VELVETSHELL' malware for persistent access and espionage. The malware granted capabilities for command execution, file management, and creating traffic tunnels, compromising the integrity of Cisco's network infrastructures and potentially leading to data exfiltration.
Source: https://securityaffairs.com/167423/apt/china-velvet-ant-zero-day-cisco-switches.html
TPRM report: https://scoringcyber.rankiteo.com/company/cisco
{
  "id": "cis000082424",
  "linkid": "cisco",
  "type": "Vulnerability",
  "date": "8/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Cisco',
                        'type': 'Organization'}],
 'attack_vector': 'Zero-day vulnerability exploitation',
 'date_detected': 'April 2024',
 'description': "In April 2024, the China-linked APT group Velvet Ant exploited zero-day vulnerability CVE-2024-20399 in Cisco switches to deploy custom malware, gaining control over the network devices. Attackers with valid administrator credentials executed commands as root, bypassing security measures and installing the 'VELVETSHELL' malware for persistent access and espionage. The malware granted capabilities for command execution, file management, and creating traffic tunnels, compromising the integrity of Cisco's network infrastructures and potentially leading to data exfiltration.",
 'impact': {'systems_affected': 'Cisco switches'},
 'initial_access_broker': {'backdoors_established': 'VELVETSHELL malware',
                           'entry_point': 'Cisco switches'},
 'motivation': 'Espionage',
 'post_incident_analysis': {'root_causes': 'Zero-day vulnerability CVE-2024-20399'},
 'threat_actor': 'Velvet Ant',
 'title': 'Velvet Ant APT Group Exploits Cisco Switches',
 'type': 'Advanced Persistent Threat (APT)',
 'vulnerability_exploited': 'CVE-2024-20399'}