CISA, NCSC warn Firestarter malware enabling persistent backdoor access to exposed Cisco firewall infrastructure – Industrial Cyber

By Anna Ribeiro
Publication Date: 2026-04-27 09:34:00

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a malware analysis report on Firestarter after examining a sample recovered during a forensic investigation, warning that advanced persistent threat (APT) hackers are using the malware to maintain access to publicly exposed Cisco Firepower and Secure Firewall devices. Developed as a backdoor, Firestarter enables remote control of systems running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software, according to a joint assessment with the U.K. National Cyber Security Centre.

Alongside the report, CISA issued Emergency Directive 25-03, requiring federal civilian executive branch (FCEB) agencies to identify and mitigate potential compromise of affected Cisco devices. The advisory reflects sustained targeting of these platforms, with officials warning that the exposure extends beyond government networks to any organization operating internet-facing firewall…