The cyberespionage campaign called ArcaneDoor, which targets Cisco firewalls through two zero-day vulnerabilities, is suspected to be the work of a Chinese threat actor, according to Censys. Cisco's Talos unit disclosed the campaign's details, revealing that a group tracked as UAT4356 and Storm-1849 exploited the vulnerabilities to target government networks globally. While the initial attack vector remains unknown, evidence suggests testing began as early as July 2023. Talos has attributed the attacks to a state-sponsored threat actor, and Wired reported that the activity aligns with China's interests. Censys's investigation into the indicators of compromise supports this theory, with evidence linking the attacks to Chinese networks and the presence of Chinese-developed anti-censorship software. Continued activity on attacker-controlled IP addresses indicates that operations are still under way.