PoliticsGovernment cyber agencies around the world are rushing to clamp down on what appears to be an advanced and sophisticated espionage campaign targeting popular security software used by remote workers. Cisco says hackers may be able to scrape data from compromised devicesCatharine Tunney · CBC News · Posted: Sep 26, 2025 12:51 PM EDT | Last Updated: 2 hours agoCisco says a threat actor has exploited new vulnerabilities in its devices. (Paul Sakuma/The Associated Press)Government cyber agencies around the world are rushing to clamp down on what appears to be an advanced and sophisticated espionage campaign targeting popular security software used by remote workers. Calling the threat “serious and urgent,” Canada’s Communication Security Establishment’s (CSE) Centre for Cyber Security joined its international allies Thursday urging organizations to take immediate action to patch up vulnerabilities following a widespread hit on the technology security company Cisco.The impacted technology is commonly used by organizations to enable virtual private networks, or VPN — a necessity for many remote workers.Underscoring the breadth of the issue, CSE said its guidance is aimed at “critical infrastructure sectors, including municipal, provincial and territorial governments, academia and research facilities.””This is a critical moment for Canadian organizations. Threat actors are targeting legacy systems with increasing sophistication,” said Rajiv Gupta, head of the Canadian Centre for Cyber Security, in a statement Thursday.”I urge all critical infrastructure sectors to act swiftly.”In its own statement, Cisco said it was first made aware of an attack in May impacting its adaptive security appliances (ASA). The company said it has since discovered the same threat actor exploited new vulnerabilities in ASA devices to “implant malware, execute commands, and potentially exfiltrate data from compromised devices.”Cisco said it believes “with high confidence” the attackers are the same threat actors behind what’s been called the ArcaneDoor campaign. It described it as a state-sponsored actor running an espionage-focused campaign.CSE would not comment on who is behind the attack and said it’s still investigating the scope of the vulnerability in Canada. “Take our warning seriously,” a spokesperson said in an email to CBC News. U.S. calls on agencies to patch bugs by midnight The attack has set off alarm bells around the world.The U.S. Cybersecurity and Infrastructure Security Agency issued a rare emergency directive Thursday about the “advanced threat actor’s” ongoing campaign on Cisco and ordered all federal civilian agencies to patch vulnerabilities by Friday at midnight.”This activity presents a significant risk to victim networks,” said the U.S. directive. The United Kingdom’s National Cyber Security Centre (NCSC) issued a similar warning, suggesting the malware used in this attack marks “a significant evolution” both in sophistication and the hackers’ ability to evade detection. CSE said it’s working with Cisco and the Five Eyes intelligence alliance to provide support.ABOUT THE AUTHORCatharine Tunney is a reporter with CBC’s Parliament Hill bureau, where she covers national security and the RCMP. She worked previously for CBC in Nova Scotia. You can reach her at catharine.tunney@cbc.ca
Federal cyber agency warns of ‘serious and urgent’ attack on tech used by remote workers
