Uk · The Register
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
◌ Single Source
A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency's name.
Key facts
- The findings this week are an update to CISA's earlier advisory, warning of other attacks on Cisco products, ones that exploited CVE-2025-20333 (9.9) and CVE-2025-20362 (6.5)
- Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS
- Switchzilla tracks the group with the UAT-4356 identifier, but has consistently refused to attribute it to a nation-state, including any of the US's four primary geopolitical adversaries (China
- Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two
Summary
Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more. Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted. The CISA advisory states that only one FCEB agency was attacked with the malware, although it is suspected of being part of a wider campaign targeting government and critical national infrastructure networks in particular.