Network security devices like firewalls are supposed to protect against hackers, but they are increasingly being targeted themselves. Cisco recently revealed that its Adaptive Security Devices were exploited by state-sponsored hackers to breach government networks globally in a hacking campaign known as ArcaneDoor. The hackers used two zero-day vulnerabilities to compromise these devices, allowing them to spy on network traffic and steal data.
The group behind these intrusions, identified as UAT4356 and STORM-1849, displayed a high level of sophistication and focus on espionage, leading Cisco to believe they are state-sponsored. While Cisco did not confirm the country responsible, sources suggest that the campaign may be aligned with China’s interests.
The hacking campaign, which began in November 2023, targeted global government networks, with most intrusions occurring between December and January. The vulnerabilities, Line Dancer and Line Runner, allowed hackers to execute malicious code and maintain access to compromised devices even after rebooting or updating. The company has issued software updates to address these vulnerabilities and advises customers to implement them promptly.
While a hard reset can prevent Line Runner from reinstalling, the National Cyber Security Center in the UK recommends physical disconnection of ASA devices to cut off hackers’ access. The ArcaneDoor campaign is part of a broader trend targeting network edge devices, such as firewalls and VPNs, to gain access to sensitive networks. These devices have become strategic targets for hackers looking to infiltrate organizations and redirect or monitor network communications.
Cisco’s Talos researchers emphasize the increase in attacks on edge devices in recent years, particularly in sectors like telecommunications and energy that are critical infrastructure. They warn that gaining a foothold in these devices gives hackers direct access to organizations and the ability to manipulate network traffic, posing a significant threat to national security.
Article Source
https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/