{"id":206348,"date":"2026-04-27T10:40:00","date_gmt":"2026-04-27T14:40:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/us-uk-authorities-warn-that-firestarter-backdoor-malware-survives-patching\/"},"modified":"2026-04-27T10:50:08","modified_gmt":"2026-04-27T14:50:08","slug":"us-uk-authorities-warn-that-firestarter-backdoor-malware-survives-patching","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/27\/us-uk-authorities-warn-that-firestarter-backdoor-malware-survives-patching\/","title":{"rendered":"US, UK authorities warn that Firestarter backdoor malware survives patching"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/us-uk-authorities-firestarter-backdoor-malware-patching\/818531\/\">US, UK authorities warn that Firestarter backdoor malware survives patching<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/us-uk-authorities-firestarter-backdoor-malware-patching\/818531\/\">https:\/\/www.cybersecuritydive.com\/news\/us-uk-authorities-firestarter-backdoor-malware-patching\/818531\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-27 10:40:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>U.S. and U.K. authorities have issued warnings about backdoor malware used against vulnerable Cisco devices that can maintain persistence despite being patched.\u00a0<br \/>\nThe backdoor malware, dubbed Firestarter, was discovered during a forensic investigation at a federal civilian executive branch agency during a forensic investigation, according to the Cybersecurity and Infrastructure Security Agency.<br \/>\nCISA issued an emergency directive in September 2025 for federal agencies to immediately take steps to mitigate against the attacks, which were linked to the ArcaneDoor activity initially identified in early 2024.\u00a0<br \/>\nThe campaign was linked to a threat actor tracked as UAT-4356, according to a Thursday blog post from Cisco Talos.\u00a0\u00a0<br \/>\nThe attacks targeted Cisco Firepower and Secure Firewall products that used Adaptive Security Appliance or Firepower Threat Defense software, CISA warned in an advisory released Thursday.<br \/>\nThe hackers exploited two critical vulnerabilities: CVE-2025-20333 and CVE-2025-20362.\u00a0<\/p>\n<p>CISA said it found suspicious connections on a Firepower device running Adaptive Security Appliance software at the federal agency. The investigation discovered that hackers deployed an implant called Line Viper and used Firestarter malware in order to maintain persistence on the device.<br \/>\nCisco released a security bulletin Thursday with guidance on how to mitigate the threat and issued an update Friday.\u00a0<br \/>\nCISA has issued new guidance for all FCEB agencies to check for potential compromise and take additional mitigation measures<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US, UK authorities warn that Firestarter backdoor malware survives patching https:\/\/www.cybersecuritydive.com\/news\/us-uk-authorities-firestarter-backdoor-malware-patching\/818531\/ Publish Date: 2026-04-27 10:40:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206349,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/byTw3zSU6LSbTlKnCI05X54BE1sqxld0rt-sKRu87NQ\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS8xXzFfM1JGb2gyUS5qcGVn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,34],"class_list":["post-206348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206348"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206348"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206348\/revisions"}],"predecessor-version":[{"id":206350,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206348\/revisions\/206350"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206349"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}