FIRESTARTER: The dangerous hack bypassing security in Cisco Firepower
A new persistent backdoor called FIRESTARTER has compromised federal devices, defying even the most recent security patches.

The persistent threat of FIRESTARTER in federal environments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert after discovering that a Cisco Firepower device running Adaptive Security Appliance (ASA) software was the victim of a sophisticated hack. The protagonist of this intrusion is FIRESTARTER, a backdoor specifically designed for unauthorized remote access that has demonstrated an unsettling capability: surviving standard security patches.
This incident underscores the constant digital arms race. Organizations often trust that applying a patch fixes the root vulnerability, but as we have seen in cases where CISA orders patching of exploited BlueHammer vulnerability, attacker persistence can overcome conventional defensive measures.
What makes FIRESTARTER so dangerous?
According to joint analysis by CISA and the UK's National Cyber Security Centre (NCSC), this malware is not a conventional attack. Its architecture allows threat actors to maintain a prolonged presence within the network, facilitating espionage or the preparation of more destructive attacks, such as the deployment of ransomware.
"FIRESTARTER has been identified as a persistent remote access tool, capable of evading detection mechanisms following the application of software updates on Cisco ASA systems."
Key characteristics of the intrusion:
- Persistence: The backdoor remains active even after reboots and updates.
- Remote Access: It allows attackers to control the network device from external locations.
- Stealth: It is designed to operate without raising suspicions in traditional audit logs.
Conclusion and recommendations
The sophistication of this attack reminds us that perimeter security is no longer enough. Just as in incidents where Tracking SystemBC: 1,570 victims exposed after a ransomware attack, rapid response and constant vigilance are vital. Organizations using Cisco ASA equipment must audit their systems for anomalous behavior, even if their devices appear to be up to date with official patches.
Modern cybersecurity requires a Zero Trust mindset, where we assume that any point in the network may be compromised, no matter how robust the hardware appears or how recent its updates may be.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...