Firestarter
Coverage of Firestarter in the Nexus archive.
- Firestarter malware survives Cisco firewall updates, security patches
U.S. and U.K. cybersecurity agencies warn that a custom malware named Firestarter is persisting on Cisco Firepower and Secure Firewall devices using Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software despite updates and patches.
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
CISA and the UK's NCSC disclosed that a federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor malware. The malware, designed for remote access, persisted despite security patches, indicating a sophisticated cyberattack.
- Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
CISA and UK cybersecurity agencies detected a previously unknown backdoor malware called Firestarter in a U.S. federal agency's network, part of an ongoing attack on Cisco equipment. The targeted agency remains unnamed, but the incident highlights a long-running cyber campaign against federal infrastructure.
- US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
US and UK cybersecurity agencies warned that a state-sponsored hacking group has deployed a persistent backdoor called Firestarter on Cisco firewalls, which can survive firmware updates and reboots. The malware, linked to threat actor UAT-4356, exploits vulnerabilities patched in September 2025 and has prompted an emergency directive for federal agencies to audit Cisco infrastructure.
- CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
CISA reported a U.S. agency was breached via a Cisco vulnerability, with malware named 'FIRESTARTER' allowing hackers to maintain access through March without re-exploiting the initial flaw.