Cyberspies Breach Cisco Firewalls

Firewalls are known for keeping intruders from accessing networks or sensitive data. However, they are being targeted more often and used as weak points to raid the systems they are meant to protect. One victim of these emerging attacks is Cisco. The company warned that its Adaptive Security Appliances (ASA), which integrate firewall and VPN as security features, were targeted by a state-sponsored hacker group. The group exploited two zero-day vulnerabilities to gain access to government information as part of a campaign named ArcaneDoor. The group responsible for the attack has not been associated with the groups behind previous intrusions; however, it has been given different names by Cisco’s security division and Microsoft investigators.

Cisco refused to name the country where it believes the hacker group originated, yet the campaign seems to align with China’s interests. It was also stated that the hacking campaign started in November 2023, with most of the intrusions taking place around December and early January of this year. “The investigation that followed identified additional victims, all of which involved government networks globally,” the company’s report reads.

The hackers exploited two new zero-days in Cisco’s ASA. One is called Line Dancer, which allows hackers to run malicious code in the network memory. It also gives them the ability to spy on network traffic and steal data. The second vulnerability goes by the name of Line Runner, which allowed hackers to maintain their control over networks even after updates or maintenance. While both these vulnerabilities have been named, it is unclear how the hackers first used these exploits as points of entry. It is also unclear how the hackers got into the system in the first place.

Following the recent discovery, Cisco has updated its systems and fixed both zero-day vulnerabilities. Even Line Runner was stopped from reinstalling itself onto the network by simply unplugging the ASA system. This was confirmed to disrupt the hackers’ access as well as Line Runner itself.

State-sponsored hacker groups and campaigns like ArcaneDoor are becoming more and more common. This is partly due to countries or states wanting to gain advantages over other countries or states. The human drive to be the best will be expressed more and more through the downfall of networks or the enhancement of them.

