By Ionut Arghire
Publication Date: 2026-04-24 11:26:00
At least one US federal agency was infected with a backdoor as part of a widespread China-linked espionage campaign targeting Cisco firewalls.
In May 2024, Cisco patched two vulnerabilities in its Adaptive Security Appliance (ASA) firewall platform that had been exploited as zero-days in a state-sponsored campaign tracked as ArcaneDoor.
A year later, the company fixed two more zero-days linked to the same campaign. Tracked as CVE-2025-20333 and CVE-2025-20362, they impact the VPN web server of ASA and Secure Firewall Threat Defense (FTD) software.
In September 2025, the US cybersecurity agency CISA issued Emergency Directive 25-03 (ED 25-03), urging federal agencies to patch vulnerable Cisco devices in their environments immediately. In November, CISA updated its guidance to recommend additional mitigation actions.
On Thursday, the agency updated ED 25-03 again, warning that patching vulnerable Cisco firewall devices did not remove malware deployed on them.
Per…