
Storm-1849

aka: UAT4356

UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called "Line Runner" and "Line Dancer." The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.


Associated Families

There are currently no families associated with this actor.


References
2024-04-24 ⋅ Cisco ⋅ Cisco Talos
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
ArcaneDoor Storm-1849

Credits: MISP Project