"China-Linked 'Velvet Ant' Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches"
"Velvet Ant," a skilled China-linked espionage group, has compromised edge devices and network appliances to improve stealth and persistence. On July 1, 2024, Cisco detailed a Command Line Interface (CLI) command injection vulnerability impacting NX-OS software used by its Nexus switches. On the same day, Sygnia announced its discovery of this vulnerability exploited by the threat group it tracked as Velvet Ant. Sygnia has now released more information on Velvet Ant's tactics, techniques, and procedures (TTPs). This article continues to discuss details regarding Velvet Ant's exploitation of a zero-day vulnerability to deploy malware on Cisco Nexus switches.
Submitted by grigby1
Submitted by grigby1 CPVI
on