Chinese Hackers Capitalizing on Vulnerabilities in Cisco Switches to Distribute Malware
Tech & AI | July 2, 2024, 3:13 a.m.
A cyber espionage group called Velvet Ant, linked to China, has been using a zero-day vulnerability in Cisco NX-OS Software to deliver malware. The flaw, tracked as CVE-2024-20399, allows attackers to execute commands with root privileges on affected devices. By exploiting this weakness, Velvet Ant was able to remotely connect to compromised Cisco Nexus devices, upload files, and execute code.

Despite the severity of the flaw, successful exploitation requires administrator credentials and access to specific configuration commands, so an attacker must already hold valid administrator access. The impacted devices include Cisco Nexus 3000, 5500, 5600, 6000, 7000, and 9000 series switches.

Velvet Ant, previously associated with a cyber attack in East Asia, used outdated F5 BIG-IP appliances in that campaign to steal sensitive information. Separately, threat actors are using a critical vulnerability in D-Link DIR-859 Wi-Fi routers to extract account details.

It is crucial to monitor network appliances so that malicious activity can be identified and investigated effectively.
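Because the Cisco flaw is only usable with valid administrator credentials, the presence of an admin login is not by itself a signal; what defenders can watch is admin activity that departs from the normal baseline (unexpected source addresses, unexpected accounts making configuration changes). The script below is an added illustration of that monitoring idea, not code from the article or from Cisco. It assumes a command accounting log whose lines have the shape `<timestamp>:type=<start|stop|update>:id=<source>@<tty>:user=<account>:cmd=<command>`; the management network, the expected admin accounts, and the sample log lines are all constructed for this example.

```python
"""Flag network-appliance admin activity that falls outside an expected baseline.

Added example for illustration only. The log line format, the management
network, the admin account list and the sample lines are all assumptions
constructed for this script; adapt them to what your own devices emit.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed baseline: hosts and accounts expected to administer the switches.
MGMT_NETWORKS = [ipaddress.ip_network("10.10.0.0/24")]
EXPECTED_ADMINS = {"netops", "admin"}

# Assumed line shape (adjust the pattern to your devices' actual accounting output):
# <timestamp>:type=<start|stop|update>:id=<source>@<tty>:user=<account>:cmd=<command text>
LINE_RE = re.compile(
    r"^(?P<ts>.+?):type=(?P<type>\w+):id=(?P<src>[^@:]+)@(?P<tty>[^:]+)"
    r":user=(?P<user>[^:]+):cmd=(?P<cmd>.*)$"
)

# Constructed sample log. Addresses come from documentation ranges.
SAMPLE_LOG = [
    "Mon Jul  1 09:12:01 2024:type=update:id=10.10.0.5@pts/0:user=netops:cmd=configure terminal ; interface Ethernet1/1 (SUCCESS)",
    "Mon Jul  1 09:13:44 2024:type=update:id=10.10.0.5@pts/0:user=netops:cmd=copy running-config startup-config (SUCCESS)",
    "Mon Jul  1 22:41:07 2024:type=start:id=198.51.100.23@pts/1:user=admin:cmd=",
    "Mon Jul  1 22:41:30 2024:type=update:id=198.51.100.23@pts/1:user=admin:cmd=show version (SUCCESS)",
    "Tue Jul  2 03:05:12 2024:type=update:id=10.10.0.7@pts/2:user=svc-backup:cmd=configure terminal ; username operator role network-admin (SUCCESS)",
    "Tue Jul  2 03:06:00 2024:type=stop:id=10.10.0.7@pts/2:user=svc-backup:cmd=",
]


@dataclass
class Alert:
    timestamp: str
    user: str
    source: str
    command: str
    reason: str


def parse_line(line: str):
    """Return the fields of one accounting line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def source_is_managed(src: str) -> bool:
    """True when the session source is an address inside an allowed management network.

    Non-IP sources (for example a console session) are treated as managed here;
    tighten this to your own policy if console access is not expected.
    """
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True
    return any(ip in net for net in MGMT_NETWORKS)


def check_entry(entry: dict) -> list:
    """Return the list of baseline violations for one parsed log entry."""
    reasons = []
    if not source_is_managed(entry["src"]):
        reasons.append("session from outside management network")
    # Only configuration changes ("update" records) are held to the admin allowlist.
    if entry["type"] == "update" and entry["user"] not in EXPECTED_ADMINS:
        reasons.append("configuration change by unexpected account")
    return reasons


def scan(lines) -> list:
    """Parse every line and collect one Alert per baseline violation."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # unparseable lines are skipped; count them in production
        for reason in check_entry(entry):
            alerts.append(Alert(entry["ts"], entry["user"], entry["src"], entry["cmd"], reason))
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.timestamp} user={a.user} src={a.source} reason={a.reason} cmd={a.command!r}")
```

Run against the constructed sample, the script raises three alerts: two for the `admin` session arriving from an address outside the management network, and one for the `svc-backup` account making a configuration change it is not expected to make. Neither signal depends on recognising a specific exploit; both come from comparing privileged activity with what the environment normally looks like, which is the kind of appliance monitoring the article recommends.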