Chinese Hackers

[kyonides]

Guess what? We missed a cyber attack last week!

Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection.

The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control over the compromised system, facilitating both data exfiltration and persistent access.

"The zero-day exploit allows an attacker with valid administrator credentials to the Switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the Linux underlying operating system," cybersecurity company Sygnia said in a report shared with The Hacker News.

Cybersecurity
Velvet Ant first caught the attention of researchers at the Israeli cybersecurity company in connection with a multi-year campaign that targeted an unnamed organization located in East Asia by leveraging legacy F5 BIG-IP appliances as a vantage point for setting up persistence on the compromised environment.

The threat actor's stealthy exploitation of CVE-2024-20399 came to light early last month, prompting Cisco to issue security updates to release the flaw.

Chinese Hackers
Notable among the tradecraft are the level of sophistication and shape-shifting tactics adopted by the group, initially infiltrating new Windows systems before moving to legacy Windows servers and network devices in an attempt to fly under the radar.

"The transition to operating from internal network devices marks yet another escalation in the evasion techniques used in order to ensure the continuation of the espionage campaign," Sygnia said.

The latest attack chain entails breaking into a Cisco switch appliance using CVE-2024-20399 and conducting reconnaissance activities, subsequently pivoting to more network devices and ultimately executing a backdoor binary by means of a malicious script.

But before you leave, you gotta know that another cyber attack hit the US and undisclosed country.

Chinese hackers exploited bug to compromise internet companies,
cybersecurity firm says

A Chinese hacking group exploited a software bug to compromise several internet companies in the U.S. and abroad, a cybersecurity firm said on Tuesday.

Researchers at the firm, Lumen Technologies (LUMN.N), opens new tab, said in a blog post that the hackers took advantage of a previously unknown vulnerability in Versa Director - a software platform used to manage services for customers of Santa Clara, California-based Versa Networks. It said four U.S. and one non-U.S. victim had been identified. Lumen did not name the victims and did not immediately respond to a request seeking further details.

Versa Networks issued an advisory on Monday acknowledging that the vulnerability had been exploited "in at least one known instance" by an advanced group of hackers, and urged customers to upgrade their software to fix the bug.

Lumen's blog post said that its researchers assessed with "moderate confidence" that the hacking campaign was carried by an alleged Chinese government-backed group nicknamed "Volt Typhoon." The attacks happened as early as June 12, Lumen said.

The Chinese Embassy in Washington did not immediately respond to a request seeking comment, although Beijing routinely denies allegations of its involvement in cyberespionage. U.S. officials did not immediately respond to a request for comment but on Friday the U.S. Cybersecurity and Infrastructure Security Agency added the Versa vulnerability to its list of "known exploited vulnerabilities."

Brandon Wales, the recently departed executive director of CISA, was quoted by the Washington Post on Tuesday saying that China's hacking effort had "dramatically stepped up from where it used to be."

Volt Typhoon has emerged as a group of particular concern to U.S. cybersecurity officials. In April, FBI Director Christopher Wray said China was developing the "ability to physically wreak havoc" on U.S. critical infrastructure and that Volt Typhoon had burrowed into numerous U.S. telecommunications, energy, water and other critical services companies.