9 matches found
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...
PlugX malware deleted from thousands of systems by FBI
The FBI says it has removed PlugX malware from thousands of infected computers worldwide. The move came after suspicion that cybercriminals groups under control of the People’s Republic of China PRC used a version of PlugX malware to control, and steal information from victims' computers. PlugX h...
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 CVSS score: 9.3, has been described as an improper access contr...
Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control
Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliances and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the...
Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 CVSS score: 6.0, concerns a case of command injection that allows an authenticated, local...
PT-2024-4435
Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software versions prior to the fixed version Description A vulnerability in the Command Line Interface CLI of Cisco NX-OS Software could allow an authenticated user in possession of Administrator credentials to execute arbitrary...
F5 BIG-IP Exploited in Three-Year Espionage Campaign by Velvet Ant
...
Chinese Velvet Ant Hackers Target F5 Devices in Years-Long Espionage
Discover how China-linked Velvet Ant APT exploited F5 BIG-IP devices for years undetected. Sygnia's detailed analysis exposes tactics used to maintain persistence and evade detection, offering crucial insights for organizations to bolster their cybersecurity defenses against similar threats...
China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices
A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization located in East Asia for a period of about three years, with the adversary establishing persistence using legacy F5 BIG-IP appliances and using it as an internal...