CISA and the UK's NCSC have issued a joint advisory warning about a previously unknown backdoor malware called Firestarter, which was found on a US Federal Civilian Executive Branch agency's network. The malware targets Cisco Secure Firewall ASA and FTD products and is notable for maintaining persistent access even after device updates. The attack is suspected to be part of a broader campaign against government and critical national infrastructure. Cisco attributes the activity to threat group UAT-4356, believed to be government-backed but not formally attributed to any nation-state. All US and UK organizations are advised to take preventative measures, including using YARA rules for memory analysis.