Cisco reveals security breach, warns of state-sponsored spy campaign

State-sponsored actors targeted security devices used by governments around the world, according to technology firm Cisco Systems, which said the network devices are coveted intrusion points by spies.

State-sponsored actors targeted security devices used by governments around the world, according to technology firm Cisco Systems, which said the network devices are coveted intrusion points by spies.

In a blog post Wednesday, Cisco named it "ArcaneDoor," and described the activity as an espionage-focused campaign carried out by "state-sponsored actors targeting perimeter network devices from multiple vendors." It also said it found victims globally, all of which involved government networks.

Cisco and the cybersecurity agencies of Canada, Australia and the United Kingdom are urging customers to patch devices quickly.

In a joint, separate advisory, the Canadian Centre for Cyber Security, Australian Signals Directorate's Australian Cyber Security Centre and the UK's National Cyber Security Centre said they've been monitoring malicious cyber activity since early 2024 that targets virtual private network services — known as VPNS — used by governments and critical infrastructure globally.

VPNs offer a private tunnel that lets workers log into office networks from home, among other uses.

"The capabilities are indicative of espionage conducted by a well-resourced and sophisticated state-sponsored actor," the advisory said.

The agencies noted the campaign was sophisticated and used "multiple layers of novel techniques.