The Australian Signals Directorate (ASD) has issued a warning about cyber attacks targeting unpatched Cisco IOS XE devices in Australia. These attacks leverage a previously undocumented implant called BadCandy.
BadCandy is deployed by exploiting a vulnerability with a CVSS score of 10.0 that allows unauthenticated attackers to create accounts with elevated privileges. It is described as a “low equity Lua-based web shell” without persistence, meaning it does not survive system reboots. However, if a device remains unpatched and internet-exposed, attackers can simply reinfect it to regain access.
Researchers from Palo Alto Networks’ Unit 42 identified a China-based hacker group, Storm-1849, actively scanning and exploiting Cisco Adaptive Security Appliances (ASA). These firewalls are widely used by governments in the U.S., Europe, and Asia.
The ASA devices not only serve as firewalls but also perform intrusion prevention, spam filtering, antivirus checks, and other security functions.
Unit 42's research revealed attacks targeting several U.S. financial institutions, defense contractors, and military organizations during October.
OpenAI’s code analysis system, Aardvark, has been designed to detect and fix software bugs efficiently, contributing to improved cybersecurity and software reliability.
“BadCandy is a 'low equity Lua-based web shell.' It lacks a persistence mechanism and cannot survive across system reboots, but attackers can reintroduce it if the device remains vulnerable.” — Australian Signals Directorate
“Storm-1849 is scanning for and exploiting a popular line of Cisco firewalls used by governments in the U.S., Europe and Asia.” — Palo Alto Networks’ Unit 42
Summary: Australia warns of the critical BadCandy exploit targeting Cisco devices, with Chinese hackers exploiting ASA firewalls globally, while OpenAI’s Aardvark advances bug detection and fixes.