(cisa.gov) CISA and NCSC-UK Warn of FIRESTARTER Malware Targeting Cisco ASA, Firepower, and Secure Firewall Devices
URGENT: FIRESTARTER malware achieves post-patching persistence on Cisco ASA/Firepower/FTD devices via CVE-2025-20333 & CVE-2025-20362. CISA/NCSC-UK report confirms APT exploitation.
In brief - CISA and NCSC-UK warn of FIRESTARTER, a remote access malware targeting Cisco ASA, Firepower, and Secure Firewall devices. The APT actor exploits two firmware vulnerabilities to deploy the implant, which persists even after patching. Federal agencies must act under Emergency Directive 25-03.
Technically - FIRESTARTER targets Cisco ASA/FTD software, leveraging CVE-2025-20333 and CVE-2025-20362 for initial access. Its post-patching persistence mechanism survives firmware updates, complicating remediation. CISA’s report provides IOCs, forensic guidance, and detection methods. FCEB agencies must enumerate affected devices, collect forensic data, and apply vendor updates to mitigate the threat.