Researchers from the Cisco Talos security team warn that state-backed hackers are exploiting two zero-day vulnerabilities in Cisco firewalls to break into government networks around the world. According to the researchers, starting in November of last year a threat group tracked as UAT4356 (also known as STORM-1849) used the two zero-days to install two previously unseen pieces of malware. The attackers used an exploit chain that combined multiple vulnerabilities, at least two of which were zero-days; one of the two fully functional backdoors ran only in memory to evade detection; and the attackers carefully removed the traces the backdoor left behind. Based on the group's tradecraft, the researchers assess that it is a nation-state actor. The two Adaptive Security Appliance (ASA) firewall zero-day vulnerabilities exploited in the campaign are CVE-2024-20359 and CVE-2024-20353. Cisco has released patches that fix both vulnerabilities.
https://arstechnica.com/security/2024/04/cisco-firewall-0-days-under-attack-for-5-months-by-resourceful-nation-state-hackers/
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/