What's Happening?
A state-sponsored hacking group has implanted a custom backdoor on Cisco network security devices that can survive firmware updates and standard reboots, according to U.S. and British cybersecurity authorities. The malware, named Firestarter, was discovered on a U.S. federal civilian agency's Cisco Firepower device. The discovery led to an emergency directive requiring all federal civilian agencies to audit their Cisco firewall infrastructure. The malware allows attackers to persist on compromised devices by manipulating the Cisco Service Platform mount list, which governs which programs are executed during the boot sequence. The persistence vulnerability affects a broad range of Cisco hardware, including the Firepower and Secure Firewall series. Cisco has released updated software to address the issue but recommends reimaging affected devices.
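The audit the directive calls for boils down to comparing what a device will execute at boot against a known-good baseline. The following is an added example, not code from the original article and not Cisco's own tooling: it parses a simple, constructed mount-list-style text (the format, paths and option names are assumed for illustration and are not Cisco's real mount-list format), diffs it against a baseline captured from a freshly reimaged device, and flags entries that mount executable content from an untrusted source.

```python
"""Baseline comparison for a boot-time mount/execution list (illustrative).

Assumptions (not from the article or from Cisco): each line is
"<source> <target> <options>", '#' starts a comment, and a trustworthy
source is a block device under /dev/. Sample entries are constructed.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class MountEntry:
    source: str
    target: str
    options: str


def parse_mount_list(text):
    """Parse the constructed mount-list format into MountEntry records."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: expected '<source> <target> [options]'")
        options = parts[2] if len(parts) > 2 else ""
        entries.append(MountEntry(parts[0], parts[1], options))
    return entries


def fingerprint(entries):
    """Order-independent SHA-256 of the list, for quick baseline matching."""
    canonical = "\n".join(
        f"{e.source} {e.target} {e.options}"
        for e in sorted(entries, key=lambda e: (e.target, e.source))
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


def diff_against_baseline(baseline, current):
    """Report targets that were added, removed, or changed versus the baseline."""
    base = {e.target: e for e in baseline}
    cur = {e.target: e for e in current}
    return {
        "added": sorted(cur.keys() - base.keys()),
        "removed": sorted(base.keys() - cur.keys()),
        "changed": sorted(t for t in cur.keys() & base.keys() if cur[t] != base[t]),
    }


def suspicious_exec_entries(entries, trusted_prefixes=("/dev/",)):
    """Flag entries that allow execution but come from an untrusted source.

    Persistence of the kind described above relies on getting attacker
    content executed at boot, so executable mounts from writable or
    non-device locations are the first thing to review.
    """
    flagged = []
    for e in entries:
        opts = {o.strip() for o in e.options.split(",") if o.strip()}
        allows_exec = "exec" in opts and "noexec" not in opts
        trusted = e.source.startswith(trusted_prefixes)
        if allows_exec and not trusted:
            flagged.append(e)
    return flagged


# Constructed sample data: a known-good baseline and a list pulled from a
# device under audit. Paths and options are illustrative only.
BASELINE_TEXT = """
# captured from a freshly reimaged device (constructed)
/dev/sda1      /mnt/boot      ro,nosuid
/dev/sda2      /mnt/system    ro
none           /mnt/tmp       rw,noexec
"""

CURRENT_TEXT = """
/dev/sda1      /mnt/boot      ro,nosuid
/dev/sda2      /mnt/system    ro
none           /mnt/tmp       rw,exec      # noexec silently dropped
/mnt/tmp/svc   /mnt/startup   rw,exec      # entry absent from baseline
"""


def audit(baseline_text=BASELINE_TEXT, current_text=CURRENT_TEXT):
    """Run the full comparison and return a report dict."""
    baseline = parse_mount_list(baseline_text)
    current = parse_mount_list(current_text)
    return {
        "baseline_match": fingerprint(baseline) == fingerprint(current),
        "diff": diff_against_baseline(baseline, current),
        "suspicious": [e.target for e in suspicious_exec_entries(current)],
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

In practice the baseline would be taken from an image Cisco shipped, stored off-device, and the comparison run on a memory or filesystem snapshot rather than on the possibly compromised device itself, since a backdoor that controls the boot sequence can also lie to tools running on the box.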
Why It's Important?
The persistence of the Firestarter malware on Cisco devices poses a significant threat to government and critical infrastructure networks. These devices sit at the network perimeter, where they enforce the boundary between trusted and untrusted traffic. Compromising them can expose internal traffic and allow attackers to intercept credentials and communications. The incident highlights the growing trend of state-linked hackers targeting network edge devices. The malware's ability to survive patches and standard reboots underscores the need for robust cybersecurity measures and the importance of physical device reboots to clear such threats.
What's Next?
Federal agencies are required to submit device memory snapshots for analysis, and Cisco recommends reimaging affected devices. The ongoing exploitation of vulnerabilities necessitates continuous monitoring and updates to cybersecurity protocols. Organizations may need to reassess their network security strategies and consider additional measures to protect against similar threats. The collaboration between U.S. and UK cybersecurity authorities may lead to further international efforts to combat state-sponsored cyber threats.