"ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China"

According to security researchers at Censys, the recently uncovered cyberespionage campaign named ArcaneDoor, which involves hacked Cisco firewalls, may be the work of a Chinese threat actor. The researchers noted that when they investigated the actor-controlled IPs provided by Talos and cross-referenced them with other certificate indicators, they discovered compelling data suggesting the potential involvement of an actor based in China, including links to multiple major Chinese networks and the presence of Chinese-developed anti-censorship software. The researchers found that four of the five network hosting systems that present an SSL certificate identified by Talos are based in China. An investigation of the attacker-controlled IP addresses showed that half of the 22 IPs identified by Talos are still online, indicating ongoing activity. Further analysis led the researchers to GitHub projects written in Chinese, including anti-censorship tools.

 

SecurityWeek reports: "ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China"

Submitted by Adam Ekwall on