State-Sponsored ArcaneDoor Backdoor Targets Cisco Devices in Espionage Campaign
April 26, 2024
Cisco discloses the discovery of 'ArcaneDoor,' a backdoor targeting its Adaptive Security Appliances (ASA) in a state-sponsored espionage campaign.
The threat group, UAT4356, exploited two zero-days to plant persistent Lua-based malware on government networks and critical infrastructure.
The ArcaneDoor campaign includes the 'Line Runner' and 'Line Dancer' backdoors for network manipulation and surveillance, raising the potential for further attacks.
Separate from ArcaneDoor, new malware 'HTTPSnoop' and 'PipeSnoop' target Middle Eastern telecoms as part of the 'ShroudedSnooper' intrusion set.
Months-long investigation into ArcaneDoor with external intelligence partners indicates testing and development dating back to at least July 2023.
Cybersecurity community underscores the threat from state actors and the necessity of regular updates and monitoring for network defense.
Eclypsium introduces EDR-like detection for network device threats and enhances capabilities to identify and respond to Cisco ASA vulnerabilities.
Summary based on 2 sources
Sources

Security Boulevard • Apr 25, 2024
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices