The Cyber Security News
Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection

October 24, 2023

The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor so that it escapes detection by the previous fingerprinting methods.

"Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said. "Thus, for a lot of devices, the implant is still active, but now only responds if the correct Authorization HTTP header is set."

The attacks chain CVE-2023-20198 (CVSS score: 10.0) and CVE-2023-20273 (CVSS score: 7.2) into an exploit sequence that lets the threat actor gain access to the devices, create a privileged account, and finally deploy a Lua-based implant on them.


The development comes as Cisco has begun rolling out security updates to address the issues, with more updates to follow at an as-yet-undisclosed date.

The exact identity of the threat actor behind the campaign is currently unknown, although the number of impacted devices is estimated to be in the thousands, based on data shared by VulnCheck and attack surface management firm Censys.

"The infections look like mass hacks," Mark Ellzey, Senior Security Researcher at Censys, told The Hacker News. "There may be a time when the hackers go through what they have and figure out if anything is worth anything."

However, the number of compromised devices plummeted over the past few days, dropping from roughly 40,000 to a few hundred, which led to speculation that the implant had been changed under the hood to conceal its presence.

The latest changes to the implant identified by Fox-IT explain the sudden and dramatic drop: more than 37,000 devices were found to be still compromised with the implant.


Cisco, for its part, has confirmed the behavioral change in its updated advisories, sharing a curl command that can be issued from a workstation to check for the presence of the implant on a device:

curl -k -H "Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST "https://systemip/webui/logoutconfirm.html?logon_hash=1"

"If the request returns a hexadecimal string such as 0123456789abcdef01, the implant is present," Cisco said.
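The same check as an added Python script (not the article's or Cisco's own code), so it can be run against a list of devices and the result of each recorded. The header value and URL path are the ones quoted from Cisco's curl command above; treating any response body that is exactly 18 hexadecimal characters, like Cisco's example, as an implant reply is an assumption made here.

```python
"""Check Cisco IOS XE devices for the modified web UI implant.

Added example mirroring the curl command quoted in the text:
  curl -k -H "Authorization: <value>" -X POST "https://<ip>/webui/logoutconfirm.html?logon_hash=1"
"""
import re
import ssl
import sys
import urllib.request
from urllib.error import HTTPError, URLError

# Header value and path exactly as quoted from Cisco's curl command.
IMPLANT_AUTH = "0ff4fbf0ecffa77ce8d3852a29263e263838e9bb"
CHECK_PATH = "/webui/logoutconfirm.html?logon_hash=1"

# Cisco's example reply is 18 hex characters (0123456789abcdef01); matching
# exactly that length is an assumption of this script, not Cisco's rule.
HEX_RESPONSE = re.compile(r"^[0-9a-fA-F]{18}$")


def build_check_request(system_ip: str) -> urllib.request.Request:
    """Build the POST equivalent of the curl command (-X POST, -H Authorization)."""
    url = f"https://{system_ip}{CHECK_PATH}"
    return urllib.request.Request(url, method="POST", headers={"Authorization": IMPLANT_AUTH})


def looks_like_implant_response(body: str) -> bool:
    """True when the body is the bare hex string the implant echoes back."""
    return HEX_RESPONSE.match(body.strip()) is not None


def check_device(system_ip: str, timeout: float = 5.0) -> str:
    """Return 'compromised', 'clean' or 'unreachable' for one device."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # equivalent of curl -k: device web UIs use self-signed certs
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(build_check_request(system_ip), timeout=timeout, context=ctx) as resp:
            body = resp.read(4096).decode("utf-8", errors="replace")
    except HTTPError:
        return "clean"  # a 4xx/5xx means the web UI answered normally, not the implant
    except (URLError, OSError, ValueError):
        return "unreachable"
    return "compromised" if looks_like_implant_response(body) else "clean"


if __name__ == "__main__":
    for ip in sys.argv[1:]:
        print(ip, check_device(ip))
```

Run it as `python check_implant.py 192.0.2.10 192.0.2.11` from a management workstation; a "clean" result only means the device did not answer this particular probe, so it does not replace reviewing the device for the unauthorized privileged account the attack chain creates.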


Some parts of this article are sourced from:
thehackernews.com