Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor

When we investigated the actor-controlled IPs provided by Talos in Censys data and cross-referenced them with other certificate indicators, we discovered compelling data suggesting the potential involvement of an actor based in China, including links to multiple major Chinese networks and the presence of Chinese-developed anti-censorship software. Cisco Talos identified three zero days in two Cisco firewall products as part of an investigation into a larger threat actor campaign called “ArcaneDoor” that targeted government-owned perimeter network devices globally, with exploitation going back to January 2024.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:
https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/

Sample Indicators of Compromise:

212.193.2.48
