ArcaneDoor — Threat Actor Profile, Campaigns & Targets

Threat entity extracted from intelligence sources

Frequency
16
occurrences
First Seen
November 2, 2025
Last Seen
June 3, 2026

ArcaneDoor is a apt_group tracked across 8 threat clusters and 16 intelligence report mentions on ThreatCluster. First observed November 2, 2025; most recent activity June 3, 2026.

Related Threat Clusters

Recent Intelligence Reports

  • External Remote Services — attack.mitre.org · June 3, 2026
  • T1685: Disable or Modify Tools — attack.mitre.org · April 28, 2026
  • Hackers Exploiting Cisco Firepower Devices’ Using n — Cybersecuritynews · April 25, 2026
  • Firestarter malware survives Cisco firewall updates, security patches — Bleepingcomputer · April 24, 2026
  • US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied — Cyberscoop · April 23, 2026
  • UAT-4356's Targeting of Cisco Firepower Devices — Blog.Talosintelligence · April 23, 2026
  • ArcaneDoor Attack (Cisco ASA Zero-Day) — Filestore.Fortinet · December 18, 2025
  • Cisco ASA firewalls still under attack; CISA issues guidance for patch — Scmagazine · November 14, 2025

CVSS v3.1 Breakdown