The cyberespionage campaign called ArcaneDoor, which targeted Cisco firewalls with two zero-day vulnerabilities, is suspected to be the work of a Chinese threat actor, according to Censys. Cisco's Talos unit disclosed the campaign's details, revealing that a group tracked as UAT4356 and Storm-1849 exploited the vulnerabilities to target government networks globally. While the initial attack vector remains unknown, evidence suggests testing began as early as July 2023. Talos has attributed the attacks to a state-sponsored threat actor, and Wired reported alignment with China's interests. Censys's investigation into the indicators of compromise supports this theory, with evidence linking the attacks to Chinese networks and the presence of Chinese-developed anti-censorship software. Continued activity on attacker-controlled IP addresses indicates that the operation is still active.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.