State-Sponsored ArcaneDoor Backdoor Targets Cisco Devices in Espionage Campaign

April 27, 2024
  • Cisco unveils the discovery of 'ArcaneDoor,' a backdoor targeting its Adaptive Security Appliances (ASA) in a state-sponsored espionage campaign.

  • The threat group, UAT4356, exploited two zero-days to plant persistent Lua-based malware on government networks and critical infrastructure.

  • The ArcaneDoor campaign includes the 'Line Runner' and 'Line Dancer' backdoors for network manipulation and surveillance, raising the potential for further attacks.

  • Separate from ArcaneDoor, the new malware 'HTTPSnoop' and 'PipeSnoop' targets Middle Eastern telecoms as part of the 'ShroudedSnooper' intrusion set.

  • A months-long investigation into ArcaneDoor with external intelligence partners indicates testing and development dating back to at least July 2023.

  • Cybersecurity community underscores the threat from state actors and the necessity of regular updates and monitoring for network defense.

  • Eclypsium introduces EDR-like detection for network device threats and enhances capabilities to identify and respond to Cisco ASA vulnerabilities.

Summary based on 2 sources

