The backdoor implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software has been modified by the threat actor to evade detection by previous fingerprinting methods. "Investigated network traffic to a compromised device has shown that the threat actor has upgraded the implant to do an extra header check," NCC Group's Fox-IT team said. "Thus, for a lot of devices, the implant is still active, but now only responds if the correct Authorization HTTP header is set."
Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection
- The Hacker News