Government cyber agencies worldwide are taking swift action to address a sophisticated espionage campaign targeting widely used security software for remote workers. Describing the threat as “serious and urgent,” Canada’s Communications Security Establishment (CSE), through its Canadian Centre for Cyber Security, along with international allies, has advised organizations to promptly address vulnerabilities following a significant breach at technology security firm Cisco.
The affected technology is commonly utilized by organizations to facilitate virtual private networks (VPNs), crucial for remote workers. The guidance issued by CSE is specifically targeting critical infrastructure sectors, including governmental bodies, academic institutions, and research facilities.
Rajiv Gupta, head of the Canadian Centre for Cyber Security, emphasized the gravity of the situation, stating that threat actors are increasingly targeting outdated systems with advanced tactics. He urged all critical infrastructure sectors to act swiftly in response.
Cisco revealed that it became aware in May of an attack affecting its Adaptive Security Appliance (ASA) devices. The company later discovered that the same threat actor exploited new vulnerabilities in ASA devices to deploy malware, execute commands, and potentially extract data from compromised devices. Cisco attributes the attacks to the ArcaneDoor campaign, described as a state-sponsored, espionage-focused operation.
While CSE did not disclose the perpetrators of the attack, it is actively investigating the extent of the vulnerability in Canada. A spokesperson emphasized the importance of heeding their warning.
Mike Gropp, a cybersecurity adviser at Rogers Cybersecure Catalyst, warned that the breach compromised the primary defense mechanisms of numerous Canadian organizations, including banks, hospitals, utilities, and public agencies. He highlighted the severe consequences of a successful attack, such as data theft, surveillance, and disruption of essential services.
Gropp outlined that the tactics used in the recent Cisco attack align with those of state-sponsored actors like China or Russia, who prioritize stealth and persistence to gain geopolitical advantages. These actors likely aim to access sensitive government information or disrupt critical services for strategic leverage.
In response to the ongoing campaign targeting Cisco devices, the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive urging federal civilian agencies to patch the vulnerabilities by midnight. The United Kingdom’s National Cyber Security Centre also issued a warning, noting the advanced nature of the malware used in the attack.
CSE is collaborating with Cisco and the Five Eyes intelligence alliance to provide assistance in addressing the situation.
