A state-sponsored threat actor group has apparently leveraged two zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) to gain access to government systems and conduct espionage. Cisco is calling the campaign ArcaneDoor, and based on the sophistication of the attacks, its security division, Talos, believes it to be the work of a state-sponsored group it is tracking as UAT4356. The campaign appears to have started as early as November 2023.
The combination of the two vulnerabilities allowed threat actors to run malicious code in memory, spy on network traffic, steal data, and maintain access after a reboot of the device.
Indicators of Compromise (IOCs) are available in the Cisco Talos blog linked below.
More info below!
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20353