Dossier
UAT-4356
Coverage of UAT-4356 in the Nexus archive.
- US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
US and UK cybersecurity agencies warned that a state-sponsored hacking group has deployed a persistent backdoor called Firestarter on Cisco firewalls, which can survive firmware updates and reboots. The malware, linked to threat actor UAT-4356, exploits vulnerabilities patched in September 2025 and has prompted an emergency directive for federal agencies to audit Cisco infrastructure.