Storm-1849

Also known as: UAT4356 · Storm-1849

Known aliases: 2

Profile

UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called "Line Runner" and "Line Dancer." The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.

Aliases · 2

UAT4356 · Storm-1849

References

  1. https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: ArcaneDoor
Actor: Storm-0940
Actor: Storm-0473
Actor: CL-STA-0043
Actor: UAT-8616
Actor: Storm-0558

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.