ArcaneDoor (C0046)
Auto-surfaced MITRE campaign. This page renders directly from MITRE ATT&CK data; no curated narrative or verified victim list. See /incidents.html for the curated landmark layer.
Active: 2018-2025 · Run by: parent actor unknown · 2 attributed CVE(s) · 30 technique(s).
MITRE description
[ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is a campaign targeting networking devices from Cisco and other vendors between July 2023 and April 2024, primarily focused on government and critical infrastructure networks. [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is associated with the deployment of the custom backdoors [Line Runner](https://attack.mitre.org/software/S1188) and [Line Dancer](https://attack.mitre.org/software/S1186). [ArcaneDoor](https://attack.mitre.org/campaigns/C0046) is attributed to a group referred to as UAT4356 or STORM-1849, and is assessed to be a state-sponsored campaign.(Citation: Cisco ArcaneDoor 2024)(Citation: CCCS ArcaneDoor 2024)