[threat-actors] Add STORM-1849

clusters/threat-actor.json

@@ -15917,6 +15917,19 @@
       },
       "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
       "value": "ArcaneDoor"
+    },
+    {
+      "description": "UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called \"Line Runner\" and \"Line Dancer.\" The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.",
+      "meta": {
+        "refs": [
+          "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
+        ],
+        "synonyms": [
+          "UAT4356"
+        ]
+      },
+      "uuid": "3d94ef07-9fd6-4d64-bf1e-f1316f2686a4",
+      "value": "STORM-1849"
     }
   ],
   "version": 308