A state-sponsored threat actor is using a custom backdoor called "Firestarter" to achieve persistent compromise of Cisco Firepower firewalls running ASA software. The malware is so deeply embedded that a full reboot is insufficient for remediation, requiring a complete power cycle. The advisory does not provide specific version ranges, a CVSS score, patch details, or workarounds beyond the described eradication method.
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower and Secure Firewall devices; however, CISA has only observed a successful implant of the malware in the wild on a Cisco Firepower device running ASA software,” the Cybersecurity and Infrastructure Security Agency noted. CISA also shared threat … More → The post New Cisco firewall malware can only be killed by pulling the plug appeared first on Help Net Security .