Cyber Resilience

Campaign · all campaigns

ArcaneDoorC0046 unknown

aka ArcaneDoor

Last updated: 2026-07-03

2attributed CVEs
30ATT&CK techniques
8.6IDF score (tooling uniqueness)
2exclusive CVEs
2018–2025years active

About this actor

[ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is a campaign targeting networking devices from Cisco and other vendors between July 2023 and April 2024, primarily focused on government and critical infrastructure networks. [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is associated with the deployment of the custom backdoors [Line Runner](https://attack.mitre.org/software/S1188) and [Line Dancer](https://attack.mitre.org/software/S1186). [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is attributed to a group referred to as UAT4356 or STORM-1849, and is assessed to be a state-sponsored campaign.(Citation: Cisco ArcaneDoor 2024)(Citation: CCCS ArcaneDoor 2024)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2018-0101 8.010.00.93172018-01-29see CVE
CVE-2025-20363 7.09.00.07522025-09-25see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-419 / 3063%
CM-616 / 3053%
CM-215 / 3050%
CM-715 / 3050%
CA-713 / 3043%
SI-313 / 3043%
AC-311 / 3037%
SI-711 / 3037%
AC-69 / 3030%
SC-79 / 3030%
AC-28 / 3027%
AC-48 / 3027%
AC-177 / 3023%
IA-27 / 3023%
AC-56 / 3020%

Co-occurring actors

None.

Similar actors