What is the Attack?
Cisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed: “Line Runner” and “Line Dancer.” These backdoors operated in tandem to execute various malicious activities on the target systems, encompassing configuration alterations, reconnaissance, capturing/exfiltrating network traffic, and potentially facilitating lateral movement.
What is the recommended Mitigation?
According to Cisco’s advisory, the initial attack vector remains unidentified, two vulnerabilities (CVE-2024-20353 and CVE-2024-20359) have been pinpointed. Customers are strongly urged to adhere to the instructions outlined in the security advisories provided. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
What FortiGuard Coverage is available?
FortiGuard Labs has blocked all the known Indicators of compromise (IoCs) related to this campaign as listed on Cisco’s advisory and is currently investigating for further protections. Meanwhile, FortiGuard Labs recommends users apply patches as provided by Cisco’s Product Security Incident Response Team (PSIRT).
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...