ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China

May 3, 2024 at 09:10AM
The cyberespionage campaign ArcaneDoor, targeting government networks with hacked Cisco firewalls, is likely operated by a Chinese state-sponsored threat actor. Exploiting two zero-day vulnerabilities, the attackers used custom malware to execute commands and exfiltrate data. Censys research supports the connection to China, citing IP addresses and the presence of Chinese-developed …

Cisco Zero-Days Anchor ‘ArcaneDoor’ Cyber Espionage Campaign

April 25, 2024 at 12:06PM
A state-sponsored threat actor named UAT4356 conducted a global cyber espionage campaign by exploiting two Cisco zero-day vulnerabilities in firewall devices. Dubbed “ArcaneDoor,” the campaign targeted government networks and utilized custom backdoor malware called “Line Dancer” and “Line Runner.” Organizations are advised to patch their systems and monitor for any …

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

April 24, 2024 at 01:10PM
Cisco warns of state-backed hacking involving zero-day vulnerabilities in ASA and FTD firewalls used to infiltrate government networks globally. The cyber-espionage campaign, known as ArcaneDoor, has targeted vulnerable edge devices since November 2023. Cisco discovered and fixed two zero-days – CVE-2024-20353 and CVE-2024-20359 – and urges customers to upgrade their devices …