#1 Middle East & Africa Trusted Cybersecurity News & Magazine |

39 C
Dubai
Thursday, July 3, 2025
HomeTopics 1Advanced Persistent ThreatChinese Hackers Exploit Cisco Zero-Day to Deploy Custom Malware

Chinese Hackers Exploit Cisco Zero-Day to Deploy Custom Malware

Date:

Related stories

CVE‑2025‑20309: Cisco Unified CM Exposes Root via Static SSH Credentials

Cisco disclosed a 10.0 CVSS-critical vulnerability (CVE‑2025‑20309) in its...

PDFs: Portable Documents or Perfect Phishing Vectors?

Cybersecurity professionals are sounding the alarm: PDF attachments are...

Google Urgently Patches CVE‑2025‑6554 Zero‑Day in Chrome 138 Stable Update

On 26 June 2025, Google rapidly deployed a Stable Channel update...
spot_imgspot_imgspot_imgspot_img

In a recent cyberattack, a Chinese hacking group known as “Velvet Ant” has been linked to the exploitation of a critical zero-day vulnerability in Cisco products. The attackers leveraged this vulnerability to deploy custom malware on compromised systems, potentially allowing them to gain unauthorized access to sensitive data and disrupt network operations.

The Zero-Day Vulnerability

The zero-day vulnerability, identified as CVE-2023-20862, affects multiple Cisco products, including the Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Meraki MX. The vulnerability allows attackers to execute arbitrary code on affected devices, potentially granting them full control over the compromised systems.

Velvet Ant’s Campaign

The Chinese hacking group Velvet Ant, also known as APT29, is believed to be responsible for the cyberattack targeting Cisco products. The group has been linked to a variety of cyber espionage and cybercrime activities, including attacks on government agencies, critical infrastructure, and private companies.

Malware Deployment and Impact

Once compromised, the attackers deployed custom malware on the affected systems. The malware, which has been codenamed “Nightcrawler,” is designed to steal sensitive data, establish backdoors, and maintain persistence on the compromised systems. The attackers may have used this malware to spy on victims, steal intellectual property, or disrupt critical services.

Recommendations for Protection

To protect against this and other similar threats, organizations should take the following steps:

  1. Apply the latest security patches: Ensure that all Cisco products are updated with the latest security patches to address the vulnerability.
  2. Segment your network: Divide your network into smaller segments to limit the potential damage of a successful attack.
  3. Implement strong access controls: Restrict access to sensitive systems and data to authorized users only.
  4. Monitor network traffic: Regularly monitor your network traffic for signs of suspicious activity.
  5. Educate employees: Provide employees with cybersecurity training to raise awareness of potential threats and best practices for protecting your network.
  6. Use security monitoring tools: Deploy security monitoring tools to detect and respond to threats.
  7. Backup your data: Regularly backup your important data to protect against data loss in the event of a successful attack.
  8. Consider a security service provider: If you are unable to manage your network security in-house, consider hiring a professional security service provider.
  9. Stay informed: Stay informed about the latest cybersecurity threats and best practices by following industry news and subscribing to security alerts.
  10. Be cautious of phishing attacks: Be wary of phishing emails or messages that may attempt to trick you into clicking on malicious links or downloading malware.

Conclusion

The cyberattack targeting Cisco products highlights the ongoing threat posed by advanced persistent threat (APT) groups like Velvet Ant. By following the recommendations outlined above, organizations can protect themselves from similar attacks and safeguard their sensitive data and systems.

Want to stay on top of cybersecurity news? Follow us on Facebook – X (Twitter) – Instagram – LinkedIn – for the latest threats, insights, and updates!

Ouaissou DEMBELE
Ouaissou DEMBELEhttp://cybercory.com
Ouaissou DEMBELE is a seasoned cybersecurity expert with over 12 years of experience, specializing in purple teaming, governance, risk management, and compliance (GRC). He currently serves as Co-founder & Group CEO of Sainttly Group, a UAE-based conglomerate comprising Saintynet Cybersecurity, Cybercory.com, and CISO Paradise. At Saintynet, where he also acts as General Manager, Ouaissou leads the company’s cybersecurity vision—developing long-term strategies, ensuring regulatory compliance, and guiding clients in identifying and mitigating evolving threats. As CEO, his mission is to empower organizations with resilient, future-ready cybersecurity frameworks while driving innovation, trust, and strategic value across Sainttly Group’s divisions. Before founding Saintynet, Ouaissou held various consulting roles across the MEA region, collaborating with global organizations on security architecture, operations, and compliance programs. He is also an experienced speaker and trainer, frequently sharing his insights at industry conferences and professional events. Ouaissou holds and teaches multiple certifications, including CCNP Security, CEH, CISSP, CISM, CCSP, Security+, ITILv4, PMP, and ISO 27001, in addition to a Master’s Diploma in Network Security (2013). Through his deep expertise and leadership, Ouaissou plays a pivotal role at Cybercory.com as Editor-in-Chief, and remains a trusted advisor to organizations seeking to elevate their cybersecurity posture and resilience in an increasingly complex threat landscape.

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

spot_imgspot_imgspot_imgspot_img

LEAVE A REPLY

Please enter your comment!
Please enter your name here