Monday, May 27, 2024

    Cisco Targeted By Sophisticated State-Backed Hacker Group

    Cisco’s Adaptive Security Appliances (ASA), security devices meant to protect corporate networks and data centres through features like firewalls and VPNs, were compromised in a state-sponsored hacker attack that targeted government officials globally. A press release by three government agencies, the Canadian Centre for Cyber Security (Cyber Centre), the Australian Signals Directorate’s Australian Cyber Security Centre and the UK’s National Cyber Security Centre (NCSC), states that the agencies were investigating a “well-resourced and sophisticated state-sponsored actor” targeting VPN services used by governments globally.

    The report described the attackers as using ‘novel’ techniques, with the affected products mostly being Cisco ASA devices in the ASA55xx series running ASA firmware versions 9.12 and 9.14. A blog post from the company’s Talos cybersecurity intelligence service labelled the threat as ‘ArcaneDoor’ and described it as a campaign led by state-sponsored attackers, targeting perimeter network devices that would allow an attacker to modify or monitor traffic on a network.

    The attack was discovered when a customer alerted Cisco’s security team in early 2024, which triggered a global investigation leading to the identification of a previously unknown actor now tracked as UAT4356 by Talos and STORM-1849 by the Microsoft Threat Intelligence Center. According to Cisco, the attacker “demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor.” The investigation revealed that the actor began developing and testing the attack as early as July 2023, with most of the activity taking place between December 2023 and early January 2024. Cisco identified two vulnerabilities that were abused in this campaign (CVE-2024-20353 and CVE-2024-20359), patches for which have been released. 

    According to a news report from WIRED, the attack patterns appear to align with Chinese espionage aims. However, no official statement from the company attributes the attack to China.

    This incident is the latest in a string of state-sponsored cyber-attacks occurring across the world. Earlier this month, the US Department of Homeland Security released a report analysing a China-backed hacker attack on a Microsoft platform, compromising the data of hundreds of key government officials. Talos also stated that network telemetry and intel obtained from outside intelligence partners “indicate the actor is interested in — and potentially attacking — network devices from Microsoft and other vendors.” Cisco has been targeted by China previously as well, and Russian-backed hackers were found to have targeted water utilities in Europe and the US.



    The post Cisco Targeted By Sophisticated State-Backed Hacker Group appeared first on MediaNama.
