Draft:ArcaneDoor: Difference between revisions
Submitting using AfC-submit-wizard |
linking CVEs |
||
Line 3: | Line 3: | ||
{{AfC topic|stem}} |
{{AfC topic|stem}} |
||
{{AfC submission|||ts=20240429100736|u=The Anome|ns=118}} |
{{AfC submission|||ts=20240429100736|u=The Anome|ns=118}} |
||
{{AFC submission|d|v|u=The Anome|ns=118|decliner=Umakant Bhalerao|declinets=20240428143615|ts=20240428105754}} |
{{AFC submission|d|v|u=The Anome|ns=118|decliner=Umakant Bhalerao|declinets=20240428143615|ts=20240428105754}} |
||
<!-- Do not remove this line! --> |
|||
{{draft}} |
{{draft}} |
||
'''ArcaneDoor''' is a cybercrime/cyberwarfare campaign involving state actors that targets network edge devices.<ref>{{Cite news |last=Greenberg |first=Andy |title=Cyberspies Hacked Cisco Firewalls to Access Government Networks |url=https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/ |access-date=2024-04-29 |work=Wired |language=en-US |issn=1059-1028}}</ref><ref>{{Cite web |date=2024-04-26 |title=Global government networks breached in 'ArcaneDoor' espionage campaign |url=https://www.computing.co.uk/news/4201734/global-government-networks-breached-arcanedoor-espionage-campaign |access-date=2024-04-29 |website=www.computing.co.uk |language=en}}</ref><ref>{{Cite web |last=Lyons |first=Jessica |title='Sophisticated' nation-state crew exploiting Cisco firewalls |url=https://www.theregister.com/2024/04/24/spies_cisco_firewall/ |access-date=2024-04-29 |website=www.theregister.com |language=en}}</ref><ref>{{Cite web |date=2024-04-24 |title=ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |url=https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ |access-date=2024-04-28 |website=Cisco Talos Blog |language=en}}</ref><ref>{{Cite web |last=Coker |first=James |date=2024-04-25 |title=State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities |url=https://www.infosecurity-magazine.com/news/stateespionage-campaign-cisco/ |access-date=2024-04-29 |website=Infosecurity Magazine |language=en-gb}}</ref> It has exploited a number of [[Zero-day vulnerability|zero-day vulnerabilities]] in Cisco devices.<ref name=BleepingComputer>{{Cite web |title=ArcaneDoor hackers exploit Cisco zero-days to breach govt networks |url=https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/ |access-date=2024-04-28 |website=BleepingComputer |language=en-us}}</ref> |
'''ArcaneDoor''' is a cybercrime/cyberwarfare campaign involving state actors that targets network edge devices.<ref>{{Cite news |last=Greenberg |first=Andy |title=Cyberspies Hacked Cisco Firewalls to Access Government Networks |url=https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/ |access-date=2024-04-29 |work=Wired |language=en-US |issn=1059-1028}}</ref><ref>{{Cite web |date=2024-04-26 |title=Global government networks breached in 'ArcaneDoor' espionage campaign |url=https://www.computing.co.uk/news/4201734/global-government-networks-breached-arcanedoor-espionage-campaign |access-date=2024-04-29 |website=www.computing.co.uk |language=en}}</ref><ref>{{Cite web |last=Lyons |first=Jessica |title='Sophisticated' nation-state crew exploiting Cisco firewalls |url=https://www.theregister.com/2024/04/24/spies_cisco_firewall/ |access-date=2024-04-29 |website=www.theregister.com |language=en}}</ref><ref>{{Cite web |date=2024-04-24 |title=ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |url=https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ |access-date=2024-04-28 |website=Cisco Talos Blog |language=en}}</ref><ref>{{Cite web |last=Coker |first=James |date=2024-04-25 |title=State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities |url=https://www.infosecurity-magazine.com/news/stateespionage-campaign-cisco/ |access-date=2024-04-29 |website=Infosecurity Magazine |language=en-gb}}</ref> It has exploited a number of [[Zero-day vulnerability|zero-day vulnerabilities]] in Cisco devices, including {{CVE|2024-2035}} and {{CVE|2024-20359}}.<ref name=BleepingComputer>{{Cite web |title=ArcaneDoor hackers exploit Cisco zero-days to breach govt networks |url=https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/ |access-date=2024-04-28 |website=BleepingComputer 
|language=en-us}}</ref> |
||
It implants two [[Dropper (malware)|malware tippers]], ''Line Runner'' and ''Line Dancer'', that target [[Cisco Adaptive Security Appliance]]s and [[Firepower Threat Defense]] devices.<ref name=BleepingComputer/><ref>{{Cite web |date=24 April 2024 |title=Malware Tipper: Line Runner|url=https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-runner.pdf |access-date=2024-04-28 |website=[[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre]]}}</ref><ref>{{Cite web |date=24 April 2024 |title=Malware Tipper: Line Dancer |url=https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf |access-date=2024-04-28 |website=[[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre]]}}</ref><ref>{{Cite web |title=Cisco zero-day flaws in ASA, FTD software under attack |url=https://www.techtarget.com/searchsecurity/news/366582137/Cisco-zero-day-flaws-in-ASA-FTD-software-under-attack |access-date=2024-04-28 |website=TechTarget |language=en}}</ref> |
It implants two [[Dropper (malware)|malware tippers]], ''Line Runner'' and ''Line Dancer'', that target [[Cisco Adaptive Security Appliance]]s and [[Firepower Threat Defense]] devices.<ref name=BleepingComputer/><ref>{{Cite web |date=24 April 2024 |title=Malware Tipper: Line Runner|url=https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-runner.pdf |access-date=2024-04-28 |website=[[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre]]}}</ref><ref>{{Cite web |date=24 April 2024 |title=Malware Tipper: Line Dancer |url=https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf |access-date=2024-04-28 |website=[[National Cyber Security Centre (United Kingdom)|National Cyber Security Centre]]}}</ref><ref>{{Cite web |title=Cisco zero-day flaws in ASA, FTD software under attack |url=https://www.techtarget.com/searchsecurity/news/366582137/Cisco-zero-day-flaws-in-ASA-FTD-software-under-attack |access-date=2024-04-28 |website=TechTarget |language=en}}</ref> |
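Review bot: The first identifier in the added text, {{CVE|2024-2035}}, has a four-digit sequence number while the one next to it, {{CVE|2024-20359}}, has five, which suggests a dropped digit. Check both IDs against the cited BleepingComputer source before this is accepted, since the template will link to whatever ID is typed. The `<!-- Do not remove this line! -->` comment below the AfC submission templates also appears on only one side of this diff; restore it unless its removal was intended.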
Revision as of 10:10, 29 April 2024
Submission declined on 28 April 2024 by Umakant Bhalerao (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.
This draft has been resubmitted and is currently awaiting re-review.
This is a draft article. It is a work in progress open to editing by anyone. Please ensure core content policies are met before publishing it as a live Wikipedia article. Last edited by The Anome (talk | contribs) 16 days ago.
This draft has been submitted and is currently awaiting review.
ArcaneDoor is a cybercrime/cyberwarfare campaign involving state actors that targets network edge devices.[1][2][3][4][5] It has exploited a number of zero-day vulnerabilities in Cisco devices, including CVE-2024-2035 and CVE-2024-20359.[6]
It implants two malware tippers, Line Runner and Line Dancer, that target Cisco Adaptive Security Appliances and Firepower Threat Defense devices.[6][7][8][9]
References
1. Greenberg, Andy. "Cyberspies Hacked Cisco Firewalls to Access Government Networks". Wired. ISSN 1059-1028. Retrieved 2024-04-29.
2. "Global government networks breached in 'ArcaneDoor' espionage campaign". www.computing.co.uk. 2024-04-26. Retrieved 2024-04-29.
3. Lyons, Jessica. "'Sophisticated' nation-state crew exploiting Cisco firewalls". www.theregister.com. Retrieved 2024-04-29.
4. "ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices". Cisco Talos Blog. 2024-04-24. Retrieved 2024-04-28.
5. Coker, James (2024-04-25). "State-Sponsored Espionage Campaign Exploits Cisco Vulnerabilities". Infosecurity Magazine. Retrieved 2024-04-29.
6. "ArcaneDoor hackers exploit Cisco zero-days to breach govt networks". BleepingComputer. Retrieved 2024-04-28.
7. "Malware Tipper: Line Runner" (PDF). National Cyber Security Centre. 24 April 2024. Retrieved 2024-04-28.
8. "Malware Tipper: Line Dancer" (PDF). National Cyber Security Centre. 24 April 2024. Retrieved 2024-04-28.
9. "Cisco zero-day flaws in ASA, FTD software under attack". TechTarget. Retrieved 2024-04-28.