Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May.

The defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch.

When a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved.

The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems.

Researchers traced the kit moving from a spyware vendor’s customer to Russian hackers to Chinese cybercriminals.

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there.

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.

The tech giant addressed a record-high number of defects for the year in its latest update.