
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A malware campaign exploited two zero-day flaws in Cisco networking appliances to deliver malware and perform data collection on targets.

The malware campaign, named ArcaneDoor by Cisco Talos, has been attributed to a state-sponsored actor tracked as UAT4356 (known to Microsoft as Storm-1849). The campaign was first discovered in January 2024. It exploited two vulnerabilities in Cisco networking gear, CVE-2024-20353 and CVE-2024-20359, both found in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software. Exploiting both vulnerabilities enabled the threat actor to deploy two backdoors to carry out the campaign. According to Talos, these backdoors provide the ability to conduct reconnaissance, exfiltrate data, and capture network traffic on the target. UAT4356 began preparing for the campaign in July 2023. The threat actor also employed obfuscation techniques, including evading memory forensics, concerted efforts to lower the chance of detection, and covering the campaign's digital footprints. The actor was also sophisticated in ensuring the campaign's survivability across software updates and reboots. So far, it is unclear which country is specifically responsible for the ArcaneDoor malware campaign.

Read more:

https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html