Detection Guide for Continued Attacks against Cisco Firewalls by the Threat Actor behind ArcaneDoor sec.cloudapps.cisco.com/security/…

The information contained in this document allows for the identification of potentially malicious traffic targeting devices running Cisco ASA or FTD Software that are configured as VPN head ends.

Affected device configuration are IKEv2 with client services and any SSL VPN configurations.