Hackers Play Hide and Seek with Cisco: Smarter Backdoor in Devices
- A backdoor implanted on Cisco devices gets an upgrade to enhance its stealth capabilities.
- The upgraded implant exploits two zero-day flaws found in IOS XE software.
- Changes were made to keep the backdoor invisible to previous fingerprinting methods.
- Network traffic to compromised devices was analyzed and changes were observed.
- The threat actor has stepped up its game with an extra header check for the malicious implant.
Backdoor Upgrade: Stealth Level Increased
Just when you thought you could finally stop your kids from sneaking into the cookie jar, hackers have been upping their game as well. They’ve successfully upgraded the backdoor they planted in Cisco devices, improving its dexterity in dodging detection. Just like my kids with the cookie jar, they cover their tracks efficiently, this time with a tweak that makes the implant invisible to previous fingerprinting methods.
Those Tricky Zero-Day Flaws in IOS XE Software
It seems like the threat actors have found their favorite playground in the form of two zero-day flaws discovered in IOS XE software. They used these like a cheat code in a video game to implant their undercover gadget. If there were a stealth mode in hacking, these folks have activated it effectively, exploiting these vulnerabilities to their advantage.
The Hide and Seek Continues: Unseen Header Check
The relentless folks at NCC Group’s Fox-IT team got a glimpse of this upgraded trickster by scrutinizing network traffic leading to compromised devices. The reveal was outrageous! The threat actor gave their implant an extra invisibility cloak: an extra header check. While this may appear as a mere adjustment, it’s the equivalent of learning that your opponent has been using a mirror to watch your moves in a chess match. It’s a major game changer.
Our digital villains have pulled another trick out of their bag, upgrading the backdoor in Cisco devices to stay off the radar. By exploiting two zero-day flaws in the IOS XE software, they’ve successfully tweaked their implant to resist detection by previous fingerprinting methods. Their latest tactic involves adding an extra header check to the implant, a move that further underscores their ingenious evasion strategy. It’s as though they’re playing a relentless game of chess, introducing a new move just when we thought we had them cornered. Sky’s the limit when it comes to the world of cybersecurity, isn’t it?
In the world of networking tech, this is akin to infiltrators getting bolder, cheekier, and far more cunning. Pretty much like my son, who has now concocted a new method to swipe the remote without me noticing. As they say, necessity is the mother of invention… and apparently, it holds true even for cyber villains, and occasionally, voracious TV viewers.
If only we could reroute this hacker energy into something like cleaning the house. Hey, one could hope, right?
Original Article: https://thehackernews.com/2023/10/backdoor-implant-on-hacked-cisco.html