Velvet Ant, a China-linked hacking group, used a CLI command injection zero-day to install malware on Cisco Nexus switches. Velvet Ant is a little-known but accomplished espionage group. The hackers first gained access to the Nexus switch using valid administrator credentials. They then used the command injection vulnerability to jailbreak the device, giving them access to the underlying network. From there, Velvet Ant could move to other devices on the network without being detected. The zero-day vulnerability has since been patched by Cisco and is difficult to exploit, since it requires administrator credentials to begin with.