Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    OpenAI Leadership Responds to Meta Offers: ‘Someone Has Broken Into Our Home’

    June 30, 2025

    Microsoft Authenticator is ending support for passwords

    June 30, 2025

    AT&T says ‘our network’ wasn’t to blame for Trump’s troubled conference call

    June 30, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Cyberspies Hacked Cisco Firewalls to Access Government Networks
    Security

    Cyberspies Hacked Cisco Firewalls to Access Government Networks

    News RoomBy News RoomApril 28, 20244 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Network security appliances like firewalls are meant to keep hackers out. Instead, digital intruders are increasingly targeting them as the weak link that lets them pillage the very systems those devices are meant to protect. In the case of one hacking campaign over recent months, Cisco is now revealing that its firewalls served as beachheads for sophisticated hackers penetrating multiple government networks around the world.

    On Wednesday, Cisco warned that its so-called Adaptive Security Appliances—devices that integrate a firewall and VPN with other security features—had been targeted by state-sponsored spies who exploited two zero-day vulnerabilities in the networking giant’s gear to compromise government targets globally in a hacking campaign it’s calling ArcaneDoor.

    The hackers behind the intrusions, which Cisco’s security division Talos is calling UAT4356 and which Microsoft researchers who contributed to the investigation have named STORM-1849, couldn’t be clearly tied to any previous intrusion incidents the companies had tracked. Based on the group’s espionage focus and sophistication, however, Cisco says the hacking appeared to be state-sponsored.

    “This actor utilized bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices that they targeted, hallmarks of a sophisticated state-sponsored actor,” a blog post from Cisco’s Talos researchers reads.

    Cisco declined to say which country it believed to be responsible for the intrusions, but sources familiar with the investigation tell WIRED the campaign appears to be aligned with China’s state interests.

    Cisco says the hacking campaign began as early as November 2023, with the majority of intrusions taking place between December and early January of this year, when it learned of the first victim. “The investigation that followed identified additional victims, all of which involved government networks globally,” the company’s report reads.

    In those intrusions, the hackers exploited two newly discovered vulnerabilities in Cisco’s ASA products. One, which it’s calling Line Dancer, let the hackers run their own malicious code in the memory of the network appliances, allowing them to issue commands to the devices, including the ability to spy on network traffic and steal data. A second vulnerability, which Cisco is calling Line Runner, would allow the hackers’ malware to maintain its access to the target devices even when they were rebooted or updated. It’s not yet clear if the vulnerabilities served as the initial access points to the victim networks, or how the hackers might have otherwise gained access before exploiting the Cisco appliances.

    Cisco has released software updates to patch both vulnerabilities, and advises that customers implement them immediately, along with other recommendations for detecting whether they’ve been targeted. Despite the hackers’ Line Runner persistence mechanism, a separate advisory from the UK’s National Cybersecurity Center notes that physically unplugging an ASA device does disrupt the hackers’ access. “A hard reboot by pulling the power plug from the Cisco ASA has been confirmed to prevent Line Runner from re-installing itself,” the advisory reads.

    The ArcaneDoor hacking campaign represents just the latest series of intrusions to target network perimeter applications sometimes referred to as “edge” devices like email servers, firewalls, and VPNs—often devices intended to provide security—whose vulnerabilities allowed hackers to obtain a staging point inside a victim’s network. Cisco’s Talos researchers warn of that broader trend in their report, referring to highly sensitive networks that they’ve seen targeted via edge devices in recent years. “Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications,” they write. “In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations—critical infrastructure entities that are likely strategic targets of interest for many foreign governments.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleBattle of the best robovacs (that iRobot doesn’t make)
    Next Article The OLED iPad Pro could launch with an M4 chip

    Related Posts

    Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

    June 30, 2025

    Taiwan Is Rushing to Make Its Own Drones Before It’s Too Late

    June 28, 2025

    What Satellite Images Reveal About the US Bombing of Iran’s Nuclear Sites

    June 27, 2025

    Here’s What Federal Troops Can (and Can’t) Do While Deployed in LA

    June 25, 2025

    Truth Social Crashes as Trump Live-Posts Iran Bombing

    June 25, 2025

    ‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

    June 23, 2025
    Our Picks

    Microsoft Authenticator is ending support for passwords

    June 30, 2025

    AT&T says ‘our network’ wasn’t to blame for Trump’s troubled conference call

    June 30, 2025

    The government’s Apple antitrust lawsuit is still on

    June 30, 2025

    Apple’s AI Siri might be powered by OpenAI

    June 30, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Reviews

    The best Switch 2 screen protector you should buy

    By News RoomJune 30, 2025

    All of the protectors in this buying guide claim to be a 9 on the…

    The Nintendo Switch 2 will be available in-store at Best Buy on July 1st

    June 30, 2025

    Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

    June 30, 2025

    Mark Zuckerberg announces his AI ‘superintelligence’ super-group

    June 30, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.