TechRadar
Sead Fadilpašić

Cisco says Chinese hackers are exploiting its customers with a new zero-day

  • A zero‑day in Cisco AsyncOS lets attackers gain root access on Secure Email appliances with Spam Quarantine exposed online
  • All AsyncOS releases are vulnerable, and with no patch available Cisco urges full wipes and rebuilds to remove persistence
  • Researchers suspect a Chinese state‑sponsored actor, with many large organizations potentially at risk

Cisco is warning that some of its products have a zero-day vulnerability that is now being actively exploited in attacks. There is currently no patch available, and users are advised to take certain steps to harden their defenses instead.

In a security advisory, Cisco said it became aware of a new cyberattack campaign on December 10. This attack targets appliances running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

The bug affects both physical and virtual instances of these appliances, but only when they are configured with the Spam Quarantine feature, which must also be exposed to, and reachable from, the internet.

Blaming Chinese hackers

No one has claimed responsibility for the incursions just yet, but some researchers believe this is the work of a Chinese state-sponsored threat actor.

The good news is that this feature is not enabled by default. The downside is that all releases of Cisco AsyncOS are affected by this campaign.

The attackers are using this flaw to execute arbitrary commands with root privileges on the operating system, essentially taking over the compromised devices.

Cisco did not say how many companies were targeted, or how many fell victim, but since there is no patch for the bug right now, the company advises users to take certain measures, including “restoring the appliance to a secure configuration”. In other words, wiping the appliance and rebuilding the software from the ground up.

Those who are unable to wipe the appliances should contact TAC to check whether their products were compromised; if they receive confirmation, “rebuilding the appliances is currently the only viable option to eradicate the threat actors’ persistence mechanism from the appliance.”
