2 attributed CVEs
30 ATT&CK techniques
8.6 IDF score (tooling uniqueness)
2 exclusive CVEs
2018–2025 years active
About this actor
[ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is a campaign targeting networking devices from Cisco and other vendors between July 2023 and April 2024, primarily focused on government and critical infrastructure networks. [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is associated with the deployment of the custom backdoors [Line Runner](https://attack.mitre.org/software/S1188) and [Line Dancer](https://attack.mitre.org/software/S1186). [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is attributed to a group referred to as UAT4356 or STORM-1849, and is assessed to be a state-sponsored campaign.(Citation: Cisco ArcaneDoor 2024)(Citation: CCCS ArcaneDoor 2024)
Source: MITRE ATT&CK
Activity timeline
- 2025 — 1 CVE published
- 2018 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2018-0101 | 8.0 | 10.0 | 0.9317 | 2018-01-29 | see CVE |
| CVE-2025-20363 | 7.0 | 9.0 | 0.0752 | 2025-09-25 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 19 / 30 | 63% |
| CM-6 | 16 / 30 | 53% |
| CM-2 | 15 / 30 | 50% |
| CM-7 | 15 / 30 | 50% |
| CA-7 | 13 / 30 | 43% |
| SI-3 | 13 / 30 | 43% |
| AC-3 | 11 / 30 | 37% |
| SI-7 | 11 / 30 | 37% |
| AC-6 | 9 / 30 | 30% |
| SC-7 | 9 / 30 | 30% |
| AC-2 | 8 / 30 | 27% |
| AC-4 | 8 / 30 | 27% |
| AC-17 | 7 / 30 | 23% |
| IA-2 | 7 / 30 | 23% |
| AC-5 | 6 / 30 | 20% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- RedPenguin 0.24
- Winter Vivern 0.22
- Rocke 0.21
- Gamaredon Group 0.20
- 2015 Ukraine Electric Power Attack 0.20
Active in same years
- RedPenguin 1.00
- SharePoint ToolShell Exploitation 1.00
- Lazarus Group 1.00
- Kimsuky 1.00
- Sidewinder 1.00