
"Cisco on Thursday revealed that it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May 2025 that targeted Adaptive Security Appliance (ASA) 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data from the compromised devices. An in-depth analysis of firmware extracted from the infected devices running Cisco Secure Firewall ASA Software with VPN web services enabled ultimately led to the discovery of a memory corruption bug in the product software, it added."
"Attackers were observed to have exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis," the company said. The activity involves the exploitation of CVE-2025-20362 (CVSS score: 6.5) and CVE-2025-20333 (CVSS score: 9.9) to bypass authentication and execute malicious code on susceptible appliances. The campaign is assessed to be linked to a threat cluster dubbed ArcaneDoor, which was attributed to a suspected China-linked hacking group known as UAT4356 (aka Storm-1849).
The U.K. National Cyber Security Centre reported that threat actors exploited Cisco firewall zero-day vulnerabilities to deploy novel malware families RayInitiator and LINE VIPER. Those malware families show greater sophistication and enhanced evasion capabilities. Cisco began investigating attacks in May 2025 that targeted ASA 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data. Firmware analysis of infected devices running Cisco Secure Firewall ASA Software with VPN web services enabled revealed a memory corruption bug. Attackers exploited CVE-2025-20362 and CVE-2025-20333 and used evasion techniques including disabling logging and intercepting CLI commands. The campaign is linked to ArcaneDoor and attributed to suspected China-linked group UAT4356 (aka Storm-1849).
Read at The Hacker News