"Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection"

The backdoor implanted on Cisco devices by exploiting a couple of zero-day vulnerabilities in the IOS XE software has been modified to evade detection by previous fingerprinting techniques. According to NCC Group's Fox-IT team, network traffic to a compromised device has shown that the threat actor changed the implant to perform an additional header check. As a result, the implant remains active on many devices but now responds only if the proper Authorization HTTP header is set. This article continues to discuss the modification of the backdoor implant on hacked Cisco devices to prevent detection.

THN reports "Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection"

Submitted by grigby1
