BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Australia Warns of BADCANDY Malware Targeting Cisco Devices

Australian Signals Directorate Warns of Ongoing BADCANDY Cyberattacks Exploiting Critical Cisco IOS XE Vulnerability

  • The Australian Signals Directorate (ASD) reports ongoing attacks on unpatched Cisco IOS XE devices using the BADCANDY implant.
  • BADCANDY exploits a critical vulnerability (CVE-2023-20198) that allows remote attackers to create privileged accounts and control devices.
  • An estimated 400 Cisco devices in Australia have been compromised since July 2025, with 150 infections reported in October alone.
  • BADCANDY is a non-persistent Lua-based web shell that can be reintroduced if devices remain unpatched and internet-exposed.
  • ASD urges applying patches, limiting exposure, removing unauthorized accounts, and following Cisco hardening guidelines to prevent further breaches.

The Australian Signals Directorate (ASD) has issued a bulletin warning about sustained cyberattacks targeting unpatched Cisco IOS XE devices across Australia. The attacks exploit a critical, previously undisclosed implant called BADCANDY. This implant leverages the vulnerability identified as CVE-2023-20198, which enables a remote, unauthenticated attacker to create accounts with elevated privileges and seize control of affected systems.

- Advertisement -

The vulnerability carries a maximum severity score of 10.0 and has been actively exploited in the wild since 2023. Threat actors linked to China, including a group known as Salt Typhoon, have used this exploit against telecommunications providers. Since October 2023, multiple variants of the BADCANDY implant have been detected, with the attacks ongoing into 2024 and 2025. ASD estimates that up to 400 devices were compromised in Australia from July 2025, with 150 infections recorded in October alone.

According to ASD, “BADCANDY is a low equity Lua-based web shell, and cyber actors have typically applied a non-persistent patch post-compromise to mask the device’s vulnerability status in relation to CVE-2023-20198.” This means the implant does not survive a system reboot, but attackers can reinstall it if the device remains vulnerable and connected to the internet. The agency observed attackers detecting and reinfecting devices after implant removal, even when previous notifications had been issued.

ASD emphasizes that rebooting infected devices only removes the implant temporarily and does not reverse other attacker actions. To prevent further exploitation, the agency advises system administrators to promptly apply patches, restrict public access to web interfaces, and follow the hardening guidelines issued by Cisco. Additional recommended actions include reviewing and removing unauthorized accounts with administrative privileges, inspecting unknown tunnel interfaces, and monitoring command logging if enabled.

These measures are critical to address the ongoing threats posed by this sophisticated implant and the exploitation of critical flaws in widely used network devices.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Nvidia’s Kyber AI rack delayed to 2028: report

NVIDIA's next-generation Kyber server rack, designed for Rubin Ultra chips, is delayed to 2028...

TrojPix Air-Gap Attack Uses Monitor Cables

Researchers at Shandong University have demonstrated a new covert data exfiltration technique called TrojPix.The...

Bitcoin Reclaims $63k as Crypto Market Sees July Reversal

Bitcoin (BTC) reclaimed $63,000 in early July 2026, signaling a market reversal after a...

2026 ASEAN SHOP Opens in Kuala Lumpur to Drive Southeast Asia’s Smart Retail Growth

KUALA LUMPUR, Malaysia. ASEAN SHOP will host its 2026 edition at the MITEC Pavilion...

Bitcoin Data Strong Amid Selling and Yield Fears

Despite a zero ByteTrend score, the Bitcoin network's weekly on-chain transaction value is $13.5...

Must Read

Top Best Metaverse Worlds To Buy Land

The metaverse has grown in our everyday conversation since Facebook announced its rebranding in October 2021 to META. The metaverse is a virtual world,...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading