
ArcaneDoor attacks linked to Chinese threat actors


The threat group UAT4356, also tracked as Storm-1849, which ran the ArcaneDoor cyberespionage campaign against Cisco firewalls and other vendors' perimeter network devices, has been linked to China following an investigation of its attack infrastructure, according to The Hacker News.

Most of the operation's online hosts bearing the campaign's SSL certificate were linked to the ChinaNet and Tencent autonomous systems, and UAT4356 also used an IP address associated with an anti-censorship tool built on an open-source project that has a Chinese-language website, a Censys report showed. The findings indicate that "some of these hosts were running services associated with anti-censorship software likely intended to circumvent The Great Firewall," the researchers said.

The attribution follows a Sekoia report on the PlugX trojan, which was found to have targeted countries crucial to the success of China's Belt and Road Initiative.

"[PlugX] was developed to collect intelligence in various countries about the strategic and security concerns associated with the Belt and Road Initiative, mostly on its maritime and economic aspects," said Sekoia researchers.
