CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
A U.S. agency was breached by sophisticated hackers in September through a vulnerability in Cisco firewalls.
The Cybersecurity and Infrastructure Security Agency (CISA) said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.
CISA published an advisory on the FIRESTARTER malware and an updated directive ordering federal civilian agencies to take specific actions to check for infection.
Source: https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
Related breach coverage
- CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network (2026-04-25)
CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied, […]
- US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor (2026-04-24)
The malware provides remote access and control of infected devices and maintains post-patching persistence. The post US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor appeared first on SecurityWeek.
- New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea (2025-12-10)
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability, CVE-2025-55182, is a pre-authentication remote code execution issue in React […]
- CPUID watering hole attack spreads STX RAT malware (2026-04-13)
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with the STX RAT, giving attackers remote access to their systems. The short attack […]
