ArcaneDoor attacks linked to Chinese threat actors

Threat operation UAT4356, also known as Storm-1849, which was behind the ArcaneDoor cyber espionage campaign that targeted Cisco firewalls and third-party perimeter network devices, has been linked to China following an investigation into the group’s attack infrastructure, according to The Hacker News.

In addition to the fact that most of the group’s online hosts were linked to ChinaNet and Tencent autonomous systems, along with the associated SSL certificate, UAT4356 also used an IP address hosting an anti-censorship tool built on an open-source project that originates from a Chinese-language website, a report from Censys showed. The results suggest that “some of these hosts were running services related to anti-censorship software that were likely aimed at bypassing the Great Firewall,” the researchers said.

Such a development follows a report by Sekoia detailing the PlugX Trojan, which has been shown to target countries critical to the success of China’s Belt and Road Initiative.

“(PlugX) was designed to collect information in various countries on the strategic and security concerns related to the Belt and Road Initiative, particularly related to its maritime and economic aspects,” Sekoia researchers said.