A Chinese threat group dubbed “Velvet Ant” has been exploiting vulnerabilities in Cisco NX-OS and F5 load balancers. The group has used a custom malware toolkit called “VelvetShell” to gain administrator-level access to devices and establish command-and-control (C2) channels. The vulnerabilities it has exploited in the wild include CVE-2024-20399, a privilege escalation vulnerability in NX-OS. This incident underscores the importance of applying patches promptly to critical network devices and monitoring for signs of malicious activity. Organizations should also invest in robust security solutions that can detect and mitigate threats from sophisticated actors.