https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
We have not determined the initial access vector used in this campaign. We have not identified evidence of pre-authentication exploitation to date.
While we have been unable to identify the initial attack vector, we have identified two vulnerabilities (CVE-2024-20353 and CVE-2024-20359), which we detail below.
Nice.