From 177fadbc10255add55d90710a93b0eaf6a22c387 Mon Sep 17 00:00:00 2001
From: Delta-Sierra
Date: Fri, 26 Apr 2024 10:36:26 +0200
Subject: [PATCH] Add Arcane Door
---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 3e289e9e..59c3f2f9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15907,7 +15907,17 @@
 },
 "uuid": "f5f6d4eb-1ec3-494e-807d-5b767122f9b2",
 "value": "UAC-0149"
+ },
+ {
+ "description": "ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns. As a critical path for data into and out of the network, these devices need to be routinely and promptly patched; using up-to-date hardware and software versions and configurations; and be closely monitored from a security perspective. Gaining a foothold on these devices allows an actor to directly pivot into an organization, reroute or modify traffic and monitor network communications. In the past two years, we have seen a dramatic and sustained increase in the targeting of these devices in areas such as telecommunications providers and energy sector organizations — critical infrastructure entities that are likely strategic targets of interest for many foreign governments.",
+ "meta": {
+ "refs": [
+ "https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/"
+ ]
+ },
+ "uuid": "97a10d3b-5cb5-4df9-856c-515994f3e953",
+ "value": "ArcaneDoor"
 }
 ],
- "version": 307
+ "version": 308
 }
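Review bot: The new `ArcaneDoor` entry in `clusters/threat-actor.json` is named and described as a campaign ("ArcaneDoor is a campaign ...") rather than as an actor, and its `meta` carries only `refs`, so an analyst matching on the actor designations used in vendor reporting will not land on this cluster. Consider adding those names under `meta`, e.g. `"synonyms": ["<actor designation from the referenced Talos post>"]` (a placeholder, to be filled in from the reference). The description is also vendor text in the first person ("we have seen"), which reads as the galaxy's own observation; attributing it, for example by opening with `Talos describes ArcaneDoor as a campaign ...`, would keep the provenance clear. The enclosing array of entries begins outside the hunk, so whether sibling entries follow the same shape is not visible here.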