Subj : Cisco reveals zero-day attacks used by hackers to attack governme
To   : All
From : TechnologyDaily
Date : Thu Apr 25 2024 14:15:05

Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign

Date: Thu, 25 Apr 2024 13:01:02 +0000

Description: Two new Cisco flaws helping hackers mount espionage campaigns were recently patched.

FULL STORY
======================================================================

Unidentified, sophisticated threat actors, possibly affiliated with nation-states in the East, were found abusing two flaws in Cisco VPNs and firewalls to drop malware used for espionage. Their targets include governments and critical infrastructure networks all around the world.

A report from Cisco Talos, as well as a joint security advisory released by the Canadian Centre for Cyber Security (Cyber Centre), the Australian Signals Directorate's Cyber Security Centre, and the UK's National Cyber Security Centre (NCSC), outlined the campaign, called ArcaneDoor.

The threat actor, tracked as UAT4356 or STORM-1849 depending on who you ask, abused two flaws to deliver the malware: CVE-2024-20353 and CVE-2024-20359, which were found in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices.

Line Dancer and Line Runner

The researchers aren't sure of the initial vector used to deliver the malware, but a safe guess would be either phishing or social engineering. In any case, the attackers used the flaws to drop Line Dancer and Line Runner, two pieces of malware with different use cases.

Line Dancer is described as an in-memory implant that can upload and execute arbitrary shellcode payloads. It is capable of a number of things that prevent forensic analysis. Furthermore, it can trick the Authentication, Authorization, and Accounting (AAA) function to allow the threat actors to establish a remote access VPN tunnel.

Line Runner, on the other hand, is described as a persistent web shell that allows the attackers to upload and run arbitrary Lua scripts.

The researchers did not share additional details. The nation-state behind the attacks, the targets, the number of victims, any sensitive data stolen: all these things remain unknown at the time. In its writeup, The Register speculates that it could be either China or Russia behind the attacks, as both countries have been observed recently targeting Cisco vulnerabilities.

Although not confirmed, the researchers believe firewalls and VPNs from other vendors, including Microsoft, are also being targeted. Since the discovery, Cisco has patched the flaws.

======================================================================
Link to news story: https://www.techradar.com/pro/security/cisco-reveals-zero-day-attacks-used-by-hackers-to-attack-government-networks-in-major-threat-campaign

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)