Norway recommends replacing SSL VPN to prevent breaches - #ArcaneDoor
The ArcaneDoor campaign is a sophisticated cyber espionage operation conducted by state-affiliated actors, suspected to be based in China. It exploits previously unknown vulnerabilities in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls, targeting governmental and critical infrastructure networks worldwide. The campaign has been active since November 2023 and uses custom malware such as Line Runner and Line Dancer for configuration modification, network traffic capture, and lateral movement. Cisco has released security updates to address the identified vulnerabilities, and authorities have recommended patching and implementing additional security measures.