Cybersecurity analysts have linked the hackers behind the global ArcaneDoor campaign, which targeted Cisco firewalls using three zero-day vulnerabilities, to China. The indications include Chinese infrastructure, mistakes in SSL certificate issuers, patterns related to OpenConnect VPN Server, and ongoing activity in Chinese autonomous systems connected to anti-censorship tools such as Xray and Marzban. Together they suggest a sophisticated worldwide operation involving around 4,800 IPs.

 ArcaneDoor hackers who exploited Cisco Firewall zero-days were linked to China