Cisco claims multiple government networks breached by attackers

25 Apr 2024


Cisco said the espionage-focused campaign has been in development since July 2023 and has issued security patches for the exploited flaws.

Tech multinational Cisco has disclosed that cyberattackers are exploiting vulnerabilities in its security products to breach government networks.

The company claims it has spotted an espionage campaign – named ArcaneDoor – targeting perimeter network devices for the purpose of gaining a foothold into organisations and monitoring network traffic. Cisco believes ArcaneDoor involves “state-sponsored” cyberattackers.

Cisco said it was informed in early 2024 by a “vigilant customer” about potential vulnerabilities in Cisco’s Adaptive Security Appliances – the company’s family of security device products.

The company claims it discovered two vulnerabilities that have been actively exploited by ArcaneDoor to conduct malicious activity, including “configuration modification, reconnaissance, network traffic capture/exfiltration and potentially lateral movement”.

Cisco claims its investigation found victims globally, all of which were government networks. The company claims it found “actor-controlled infrastructure” dating back to early November 2023 and that most activity took place between December 2023 and early January 2024.

“Further, we have identified evidence that suggests this capability was being tested and developed as early as July 2023,” Cisco said in a blogpost.

Cisco has issued software patches for these vulnerabilities and said its investigation was supported by multiple cybersecurity agencies worldwide. The Canadian Centre for Cybersecurity said the capabilities of these cyberattacks suggest they are being conducted by a “well-resourced and sophisticated state-sponsored actor”.

“The sophistication demonstrated by the threat actors’ use of multiple layers of novel techniques and the concurrent operations against multiple targets around the world is cause for concern to the authoring agencies,” the centre said.

“Since VPN services are essential components of computer network security, vulnerabilities in such services are particularly consequential and a public disclosure of critical vulnerabilities can enable their use by a wide variety of threat actors.”

Last October, Cisco shared details of a vulnerability in its IOS XE software that was actively exploited and let attackers effectively gain full control of affected devices and conduct further “unauthorised activity”.


Leigh Mc Gowran is a journalist with Silicon Republic
