Storm-1849
MISP
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:
UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called "Line Runner" and "Line Dancer." The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.
Aliases (108)
UAT4356
Metadata
| ID: | 673 |
| Created: | 13/01/2026 17:48 |
| Updated: | 08/03/2026 16:00 |