Particle.news

State-Sponsored Hackers Use Cisco Zero-Day Vulnerabilities to Compromise Global Government Networks

The hacking group identified as UAT4356 exploited two zero-days in Cisco's security appliances, initiating a sophisticated cyber-espionage campaign.

  • Hackers targeted Cisco's Adaptive Security Appliances and Firepower Threat Defense firewalls, exploiting vulnerabilities to install advanced malware.
  • The campaign, known as ArcaneDoor, began in November 2023 and has primarily targeted government networks worldwide.
  • Two unique malware implants, Line Dancer and Line Runner, were used to maintain persistence and conduct espionage activities.
  • Cisco has issued patches for the vulnerabilities and urges all users to update their systems to prevent further intrusions.
  • The attacks highlight a broader trend of state-sponsored actors targeting network perimeter devices to gain access to sensitive government networks.