STORM-1849

Aliases: UAT4356
STORM-1849, also tracked as UAT4356, is a state-sponsored cyber espionage group assessed with high confidence to be China-aligned. Its tooling was under development as early as July 2023, and the first exploitation activity was detected in January 2024. The actor is distinguished by its focus on perimeter network devices, in particular Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD), which it compromises through zero-day vulnerabilities in order to deploy custom implants for persistent access and long-term intelligence collection. Its operations, notably the "ArcaneDoor" campaign, show a detailed understanding of the target platform and deliberate anti-forensic measures, which set it apart from other threat actors.
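The hunt check this profile implies, as an added example that is not code from this page or from Cisco: a small parser for the text an operator copies from `show memory region | include lina` on an ASA, flagging a lina process that carries more than one executable (r-xp) mapping, which is the indicator Cisco Talos published for the in-memory ArcaneDoor implant (Line Dancer). The Linux-maps-style output layout and the sample lines are constructed assumptions; confirm both the layout and the one-region baseline against Cisco's current ArcaneDoor guidance and a known-good unit of the same software train before relying on it.

```python
"""Hunt check for ArcaneDoor-style tampering of the Cisco ASA "lina" process.

Added example, not code from this page or from Cisco. Input is the text an
operator copied from `show memory region | include lina` on the appliance.
The published heuristic is that a healthy device shows a single executable
(r-xp) mapping for lina; more than one is a sign the process was tampered with.

Assumptions: the output follows a Linux /proc/<pid>/maps style layout
(address range, perms, offset, dev, inode, path). The sample lines below are
constructed for this example, not captured from a real device.
"""
import re

MAP_LINE = re.compile(
    r"^\s*(?P<start>[0-9a-fA-F]+)-(?P<end>[0-9a-fA-F]+)\s+"
    r"(?P<perms>[r-][w-][x-][ps])\s+\S+\s+\S+\s+\S+\s*(?P<path>\S*)\s*$"
)

# Constructed output of a device with one executable lina mapping.
SAMPLE_CLEAN = """\
Address                   Perms Offset   Dev   Inode  Pathname
00400000-03d5f000         r-xp  00000000 08:01 40123  /asa/bin/lina
03f5e000-04101000         rw-p  03b5e000 08:01 40123  /asa/bin/lina
7f8c1a000000-7f8c1a021000 r-xp  00000000 08:01 40456  /lib64/libc.so.6
"""

# Same device with an extra executable region attributed to lina
# (constructed to illustrate the tampered case).
SAMPLE_TAMPERED = SAMPLE_CLEAN + (
    "7f8c1b000000-7f8c1b004000 r-xp  00000000 00:00 0      /asa/bin/lina\n"
)


def parse_regions(text):
    """Return (start, end, perms, path) tuples for each mapping line; header lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = MAP_LINE.match(line)
        if m:
            regions.append((int(m["start"], 16), int(m["end"], 16), m["perms"], m["path"]))
    return regions


def executable_lina_regions(text):
    """Executable mappings whose backing path is the lina binary."""
    return [
        r for r in parse_regions(text)
        if "x" in r[2] and r[3].rsplit("/", 1)[-1] == "lina"
    ]


def looks_tampered(text):
    """True when lina has more than one executable mapping."""
    return len(executable_lina_regions(text)) > 1


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        regs = executable_lina_regions(sample)
        verdict = "TAMPERED" if looks_tampered(sample) else "ok"
        print(f"{name}: {len(regs)} executable lina region(s) -> {verdict}")
        for start, end, perms, path in regs:
            print(f"  {start:012x}-{end:012x} {perms} {path}")
```

Run it against saved `show memory region` output from each appliance in the fleet; a positive result is a reason to capture a core dump and engage Cisco TAC rather than to reboot, since the implant is memory-resident and anti-forensic behaviour is part of this actor's tradecraft.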
MITRE techniques
T1059 (Command and Scripting Interpreter), T1566.002 (Phishing: Spearphishing Link), T1210 (Exploitation of Remote Services), T1071.001 (Application Layer Protocol: Web Protocols), T1078.003 (Valid Accounts: Local Accounts)
Related CVEs
CVE-2025-30333, CVE-2025-20363, CVE-2025-20362, CVE-2025-20352, CVE-2025-20333, CVE-2024-40766

Type
apt
Country of origin
CN
Motivation
-
Impact
40
Updated
Sat, 27 Ap

Target sectors (SOCRadar)

Public Administration; Executive, Legislative, and Other General Government Support; Computer Systems Design and Related Services