US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor
The malware provides remote access and control of infected devices and maintains post-patching persistence.
At least one US federal agency was infected with a backdoor as part of a widespread China-linked espionage campaign targeting Cisco firewalls.
In May 2024, Cisco patched two vulnerabilities in its Adaptive Security Appliance (ASA) firewall platform that had been exploited as zero-days in a state-sponsored campaign tracked as ArcaneDoor.
A year later, the company fixed two more zero-days linked to the same campaign, tracked as CVE-2025-20333 and CVE-2025-20362, and impacting the VPN web server of ASA and Secure Firewall Threat Defense (FTD) software.
Source: https://www.securityweek.com/us-federal-agencys-cisco-firewall-infected-with-firestarter-backdoor/
Related breach coverage
- France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry (2025-12-18)
France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry. (Source: SecurityWeek)
- CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks (2025-11-13)
Federal agencies have reported as ‘patched’ ASA or FTD devices running software versions vulnerable to attacks. (Source: SecurityWeek)
- CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network (2026-04-25)
CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied, […]
- CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March (2026-04-23)
CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.
