STORM-1849 is a threat actor, also known as UAT4356. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does STORM-1849 exploit?

Specific CVE exploitation data for STORM-1849 is being tracked. Check the Strobes VI threat actor profile for updates.

STORM-1849

Also known as: UAT4356

Exploited CVEs

Overview

UAT4356 is a state-sponsored threat actor that targeted government networks globally through a campaign named ArcaneDoor. They exploited two zero-day vulnerabilities in Cisco Adaptive Security Appliances to deploy custom malware implants called "Line Runner" and "Line Dancer." The actor demonstrated a deep understanding of Cisco systems, utilized anti-forensic measures, and took deliberate steps to evade detection. UAT4356's sophisticated attack chain allowed them to conduct malicious actions such as configuration modification, reconnaissance, network traffic capture/exfiltration, and potentially lateral movement on compromised devices.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database