Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to hack over 50,000 Cisco IOS XE devices to create privileged user accounts and install a malicious LUA backdoor implant. This LUA implant allows the threat actors to remotely execute commands at privilege level 15, the highest privilege level on the device. Since the release of this news, cybersecurity firms and researchers have found roughly 60,000 out of the 80,000 publicly exposed Cisco ISO XE devices to be breached with this implant. On Saturday, multiple cybersecurity organizations reported that the number of Cisco IOS XE devices with a malicious implant has mysteriously dropped from approximately 60,000 devices to only 100-1,200, depending on the different scans. Onyphe Founder & CTO Patrice Auffret told BleepingComputer that he believes the threat actors behind the attacks are deploying an update to hide their presence, thus causing the implants to be no longer seen in scans. "For the second day in a row, we see the number of implants have drastically dropped in a short time. Basically, they appear to have been practically all rebooted or have been updated." "We believe it is the action from the original threat actor which is trying to fix an issue that should not have been there from the beginning. The fact that the implant was so easy to detect remotely was a mistake from their side." Piotr Kijewski, the CEO of The Shadowserver Foundation, also told BleepingComputer that they have seen a sharp drop in implants since 10/21, with their scans only seeing 107 devices with the malicious implant. "The implant appears to have been either removed or updated in some way," Kijewski told BleepingComputer via email. Another theory is that a grey-hat hacker is automating the reboot of impacted Cisco IOS XE devices to clear the implant. Orange Cyberdefense CERT for the Orange Group told BleepingComputer that they do not believe that a grey-hat hacker is behind the decrease in implants but rather that this could be a new exploitation phase. Another possibility shared by security researcher Daniel Card is that the many devices breached with implants were simply a decoy to hide the real targets in attacks. Until Cisco or other researchers can examine a previously breached Cisco IOS XE device to see if they were simply rebooted or if new changes were made, there is no way to know what happened. BleepingComputer has contacted Cisco with questions about the drop in implants but has not received a reply at this time. Cisco discloses new IOS XE zero-day exploited to deploy malware implant. Over 10,000 Cisco devices hacked in IOS XE zero-day attacks. Cisco warns of new IOS XE zero-day actively exploited in attacks. Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day. Cisco urges admins to fix IOS software zero-day exploited in attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Number of hacked Cisco IOS XE devices plummets from 50K to hundreds

Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
10 months ago Bleepingcomputer.com
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds - The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. This week, Cisco warned that ...
10 months ago Bleepingcomputer.com
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked - Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices. Cisco released patches for most releases of its IOS XE software but ...
10 months ago Bleepingcomputer.com
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day - More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198. There is no patch or a workaround available and the only ...
10 months ago Bleepingcomputer.com
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks - Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants. The list of products running Cisco IOS XE software includes enterprise switches, aggregation ...
10 months ago Bleepingcomputer.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
10 months ago Bleepingcomputer.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
8 months ago Bleepingcomputer.com
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
6 months ago Feedpress.me
What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
8 months ago Feedpress.me
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
10 months ago Bleepingcomputer.com
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
6 months ago Feedpress.me
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
8 months ago Bleepingcomputer.com
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
7 months ago Darkreading.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
10 months ago Feedpress.me
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
2 years ago
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
10 months ago Bleepingcomputer.com
Webex announces comprehensive Device Management Capabilities with Phonism integration - Webex is excited to announce a comprehensive solution for 3rd party Device Management referred to as 'Partner Managed Devices. ' Partner Managed Devices allows Webex Cloud Calling offers to support a flexible Device Management strategy. With this ...
10 months ago Feedpress.me
Embrace the Multicloud Era with Cisco Learning and Certifications at Cisco Live Amsterdam - It's time to come together with experts and thousands of your peers to connect, learn, and advance your career with the Learning & Certifications team at Cisco Live Amsterdam, February 5-9, 2024. Let's dive into how you can make the most of your ...
8 months ago Feedpress.me
Embracing Sustainability: Embark on the Journey to a More Sustainable Future! - Sustainability isn't just about protecting the planet for future generations. It's also about preserving the delicate balance that allows life to thrive today and tomorrow. In a world where environmental concerns are growing more urgent with each ...
10 months ago Feedpress.me
Join Customer Experience for Cisco Live EMEA Demos - In her blog, Countdown to Cisco Live EMEA, Adele Trombetta, SVP, Cisco Customer Experience EMEA, mentioned how excited she is for Cisco Live EMEA in just a little more than a week, and I agree. I want to go a little deeper and give you some more ...
8 months ago Feedpress.me
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
7 months ago Feedpress.me
Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
8 months ago Bleepingcomputer.com
Patch Now: Cisco Zero-Day Under Fire From Chinese APT - Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the China-backed threat group known as Velvet Ant. ...
3 months ago Darkreading.com
Honoring Cisco Designated VIPs at Cisco Live Amsterdam 2024 - Every Cisco Live, we have the opportunity to meet our esteemed Cisco Designated VIPs in person. It is one of the most significant highlights for the Cisco Learning Network's community managers and the Cisco Learning & Certifications organization's ...
7 months ago Feedpress.me
The power of community helps Cisco Insider Rob Taylor bring innovation to his customers. - Cisco's advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field. Fate stepped in, ...
4 months ago Feedpress.me

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)