Storm-1849
MISP
Type:
Unknown
Country:
Unknown
First activity:
Unknown
Details:
UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called "Line Runner" and "Line Dancer." The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.
Alias (108)
UAT4356
Metadata
| ID: | 673 |
| Created: | 13/01/2026 17:48 |
| Updated: | 08/03/2026 16:00 |