FIRESTARTER: Cisco ASA Backdoor

On April 23, 2026, CISA and the UK National Cyber Security Centre revealed FIRESTARTER, a persistent backdoor implant targeting Cisco Adaptive Security Appliance firmware via CVE-2025-20333 and CVE-2025-20362, enabling advanced persistent threat actor UAT-4356 (linked to the earlier ArcaneDoor campaign) to maintain long-term access even after patching and rebooting. The malware hooks into Cisco’s core LINA process to execute attacker shellcode triggered by specially crafted WebVPN requests, requiring a hard power cycle or full device reimaging to fully remove, highlighting a serious evolution in firmware-level threats that challenge conventional patch-and-monitor security models.

https://thecyberthrone.in/2026/04/28/firestarter-cisco-asa-backdoor/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top