US and UK Agencies Warn of Persistent Malware on Cisco Firewalls
U.S. and UK cybersecurity agencies have issued a warning about a state-sponsored hacking group that has implanted a persistent backdoor, known as Firestarter, on Cisco network security devices. This malware can survive firmware updates and standard reboots, posing a significant threat to government and critical infrastructure networks. The Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre have identified the threat actor as UAT-4356, which has been active since at least late 2025. The malware was discovered on a U.S. federal civilian agency's Cisco Firepower device, prompting an emergency directive for federal agencies to audit their Cisco firewall infrastructure. 
