Government cyber agencies worldwide are swiftly responding to an advanced espionage campaign targeting popular security software used by remote workers. Describing the threat as “serious and urgent,” Canada’s Communications Security Establishment’s (CSE) Centre for Cyber Security, in coordination with international allies, has advised organizations to promptly address vulnerabilities following a significant breach affecting technology security firm Cisco.
The affected technology is commonly employed by organizations for virtual private networks (VPN), essential for numerous remote workers. Emphasizing the widespread impact, CSE’s guidance is directed at critical infrastructure sectors, including governmental bodies, academic institutions, and research facilities.
Rajiv Gupta, head of the Canadian Centre for Cyber Security, highlighted the critical nature of the situation, urging Canadian organizations to take swift action against the increasing sophistication of threat actors targeting legacy systems.
Cisco revealed that it became aware of an attack in May affecting its adaptive security appliances (ASA). The company confirmed that the same threat actors exploited new vulnerabilities in ASA devices to install malware, execute commands, and potentially extract data from compromised devices. Cisco expressed high confidence that these attackers are linked to the ArcaneDoor campaign, orchestrated by a state-sponsored actor focusing on espionage.
While CSE refrained from attributing the attack to a specific entity, it is actively investigating the extent of the vulnerability in Canada. A spokesperson strongly advised organizations to take the warning seriously.
According to Mike Gropp, a senior cybersecurity adviser, the recent attack on Cisco’s firewalls poses a significant threat to the security of numerous Canadian organizations, including banks, hospitals, utilities, and public agencies. The breach allows attackers to intercept, steal, or redirect network traffic, potentially exposing sensitive information and disrupting vital services.
Gropp noted that the tactics employed in this attack align with those of state-sponsored actors like China or Russia, who prioritize stealth and persistence to achieve geopolitical advantages. These actors likely seek government communications or information on emerging technologies or aim to disrupt services for strategic leverage in critical situations.
The U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive instructing federal civilian agencies to patch vulnerabilities in response to the ongoing campaign targeting Cisco. The United Kingdom’s National Cyber Security Centre also issued a warning, highlighting the advanced nature of the malware used in the attack.
CSE is collaborating with Cisco and the Five Eyes intelligence alliance to provide necessary support in addressing the situation.
