The Australian Signals Directorate reports ongoing cyber attacks exploiting the critical CVE-2023-20198 vulnerability in unpatched Cisco IOS XE devices, utilizing a new implant called BADCANDY. Threat actors, including Chinese-linked groups like Salt Typhoon, have infected hundreds of devices, emphasizing the importance of applying patches and device hardening. #CVE2023-20198 #SaltTyphoon
Key points
- The ASD warns about ongoing exploits of CVE-2023-20198 targeting unpatched Cisco IOS XE devices in Australia.
- Cyber actors use the BADCANDY web shell implant to maintain access and mask vulnerabilities post-infection.
- Up to 400 devices have been compromised since July 2025, with 150 infected in October alone.
- The malware is non-persistent but can be reintroduced if devices remain exposed and unpatched.
- ASD recommends patching systems, reviewing configuration for unauthorized accounts, and following Cisco hardening guidelines.
Read More: https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html