ZERO-DAY VULNERABILITY IN Cisco Adaptive Security Appliances ALLOWS ACCESS TO GOVERNMENT NETWORKS – ArcaneDoor

Posted on By topbento
Breach, News, Vulnerability

A state-sponsored threat actor group has apparently leveraged two zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) to gain access to government systems and conduct espionage. Cisco is calling the campaign ArcaneDoor and based on the sophistication of the attacks their security division, Talos, believes it to be a state-sponsored group they are calling UAT4356. The campaign appears to have started as early as November 2023.

The combination of the two vulnerabilities allowed threat actors to run malicious code in memory, spy on network traffic, steal data, and maintain access after a reboot of the device.

Indications Of Compromise (IOCs) are available in the Cisco Talos blog linked below.

More info below!

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices

https://www.tenable.com/blog/cve-2024-20353-cve-2024-20359-frequently-asked-questions-about-arcanedoor

https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20353

https://nvd.nist.gov/vuln/detail/CVE-2024-20353

You may also like

Cloud
AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION
April 19, 2022
Malware
HARDWARE ARRIVES FROM CHINA COMPLETE WITH PREINSTALLED MALWARE
January 25, 2022
Uncategorized
ADDITIONAL ANALYSIS ON THE xz Utils BACKDOOR
April 9, 2024
News
SEVERITY UPGRADE for Log4Shell CVE-2021-45046
December 17, 2021