diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json index 59c3f2f..8069eb3 100644 --- a/clusters/threat-actor.json +++ b/clusters/threat-actor.json @@ -15917,6 +15917,19 @@ }, "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953", "value": "ArcaneDoor" + }, + { + "description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.", + "meta": { + "refs": [ + "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/" + ], + "synonyms": [ + "UAT4356" + ] + }, + "uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4", + "value": "STORM-1849" } ], "version": 308