CyberWire Daily

Velvet Ant's silent invasion. [Research Saturday]

Nov 2, 2024

Amnon Kushnir, Director of Incident Response at Sygnia and expert in threat analysis, dives into the chilling activities of the Velvet Ant threat group. He reveals how they exploited a zero-day vulnerability in Cisco Nexus switches to deploy stealthy malware known as VelvetShell. The discussion emphasizes the challenges of detecting such advanced threats in enterprise networks. Kushnir also shares insights on improving security measures and the importance of community collaboration in combating cyber threats.

22:26

Creator website

Episode guests

Amnon Kushnir

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Velvet Ant threat group demonstrates advanced cyber espionage tactics by exploiting zero-day vulnerabilities to infiltrate and manipulate Cisco Nexus switches.

Organizations must enhance monitoring and logging of overlooked devices to strengthen security against sophisticated threats like Velvet Ant's operations.

Deep dives

Overview of VelvetAnt Threat Group

VelvetAnt is identified as a potential China Nexus state-sponsored threat actor, primarily engaged in espionage activities against large corporate entities. This group's operations have been observed using known malicious tools, such as PlugX and ShadowPad, which are typically associated with Chinese cyber operations. They exhibit a high level of adaptability, shifting their tactics in response to detection and escalating their operation to utilize advanced methods, including zero-day exploits. This flexibility allows them to target not only traditional systems but also specialized network devices like Cisco Nexus switches, demonstrating their sophistication in cyber espionage.

Intro

2min

Unveiling Velvet Ant: A Cyber Threat Analysis

7min

The Sophistication of Cyber Threats and Zero-Day Exploits

3min

Uncovering Velvet Shell Threats

5min

Fostering Community in Cybersecurity Against Threat Actors

2min

This week, we are joined by, Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks.

This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats.

The research can be found here:

China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CyberWire Daily

Velvet Ant's silent invasion. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Overview of VelvetAnt Threat Group

Technical Tactics and Malware Deployment

Recommendations for Organizational Security

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CyberWire Daily

Velvet Ant's silent invasion. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Overview of VelvetAnt Threat Group

Technical Tactics and Malware Deployment

Recommendations for Organizational Security

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights