Global Agencies Mobilize Against Cyber Espionage Campaign


Government cyber agencies worldwide are swiftly responding to a sophisticated espionage campaign targeting popular security software used by remote workers. The Centre for Cyber Security at Canada’s Communications Security Establishment (CSE), along with international allies, has labeled the threat “serious and urgent,” urging organizations to promptly address vulnerabilities following a significant breach affecting technology security company Cisco.

The affected technology is commonly used to run the virtual private networks (VPNs) that remote workers depend on, and it has prompted CSE to issue guidance targeting critical infrastructure sectors such as municipal, provincial, and territorial governments, academia, and research facilities. Rajiv Gupta, head of the Canadian Centre for Cyber Security, emphasized the critical nature of the situation and urged swift action from all critical infrastructure sectors.

Cisco acknowledged being alerted to an attack in May that impacted its adaptive security appliances (ASA). The company revealed that the same threat actor exploited new vulnerabilities in ASA devices to deploy malware, execute commands, and potentially extract data from compromised devices. Cisco suspects the attackers are linked to the ArcaneDoor campaign, described as a state-sponsored actor conducting an espionage-focused initiative.

While CSE refrained from attributing the attack to a specific entity, it continues to investigate the vulnerability’s extent in Canada. A spokesperson emphasized the seriousness of the warning issued to CBC News. Mike Gropp, a senior cybersecurity adviser, likened the compromise of Cisco’s firewalls, which are prevalent in various Canadian organizations, to a significant breach in the defenses of corporate and government networks.

Gropp highlighted that successful attacks on these devices could lead to the monitoring, theft, or rerouting of network traffic, potentially exposing sensitive data and disrupting essential services. The tactics employed in the recent Cisco attack align with those of state-sponsored actors, aiming for stealth and persistence to gain geopolitical advantage, according to Gropp.

The U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive urging federal civilian agencies to patch vulnerabilities by midnight in response to the ongoing campaign targeting Cisco. The United Kingdom’s National Cyber Security Centre also issued a warning, acknowledging the malware’s enhanced sophistication and the hackers’ ability to evade detection. CSE is collaborating with Cisco and the Five Eyes intelligence alliance to provide assistance in addressing the situation.
