Cisco Zero-Day Drama: China-Linked APT Exploits Secure Email Gateway Vulnerabilities
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager, exploiting a zero-day vulnerability. With a persistence mechanism dubbed AquaShell, the attackers are making themselves at home on compromised systems, while misconfigurations leave the digital door wide open. It’s like a cyber B&B for hackers!

Hot Take:
Who needs a holiday Grinch when you have a China-linked APT group wreaking havoc on your Secure Email Gateway? Cisco’s got a zero-day surprise for the tech world, and it’s not the kind you unwrap under the tree! So, while you’re decking the halls, remember to patch those email gateways and stop exposing their management ports to the internet, unless you want an uninvited guest at your Christmas party, and by guest, we mean a cyber-foe with a penchant for root-level command execution.
Key Points:
- Cisco has disclosed a critical zero-day vulnerability (CVE-2025-20393) affecting Secure Email Gateway and Secure Email/Web Manager, exploited by a China-linked group.
- The vulnerability allows attackers to execute root-level commands and plant persistence mechanisms.
- Researchers identified a custom persistence mechanism called AquaShell used by the attackers.
- The campaign targets a limited subset of appliances with specific open ports and misconfigurations.
- U.S. CISA has added this zero-day to its Known Exploited Vulnerabilities catalog.
