{"id":206612,"date":"2026-04-28T04:52:00","date_gmt":"2026-04-28T08:52:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/28\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products-hstoday\/"},"modified":"2026-04-28T05:30:08","modified_gmt":"2026-04-28T09:30:08","slug":"cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products-hstoday","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/28\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products-hstoday\/","title":{"rendered":"CISA\u202fWarns\u202fof FIRESTARTER Malware\u202fTargeting Cisco ASA\u202fFirewall\u202fProducts \u2013 HSToday"},"content":{"rendered":"<p><a href=\"https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products\/\">CISA\u202fWarns\u202fof FIRESTARTER Malware\u202fTargeting Cisco ASA\u202fFirewall\u202fProducts \u2013 HSToday<\/a><\/p>\n<p><a href=\"https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products\/\">https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products\/<\/a><\/p>\n<p>Publish Date: 2026-04-28 04:52:00<\/p>\n<p>Source Domain: <a href=\"www.hstoday.us\">www.hstoday.us<\/a><\/p>\n<p>The Cybersecurity and Infrastructure\u202fSecurity Agency (CISA) has\u202fpublished a\u202fmalware analysis report\u202fon FIRESTARTER malware. 
This\u202fmalware allows remote access and control by malicious threat actors\u202ftargeting\u202fCisco\u202fFirepower\u202fand Secure\u202fFirewall\u202fproducts\u202frunning\u202fAdaptive Security Appliance (ASA)\u202for\u202fFirepower Threat\u202fDefense (FTD)\u202fsoftware.\u202fIn\u202fconjunction with\u202fthis\u202freport, CISA\u202fissued\u202fnew\u202frequired actions\u202ffor\u202fFederal\u202fCivilian\u202fExecutive\u202fBranch\u202f(FCEB)\u202fagencies in\u202fEmergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices.\u202fThreat actors continue to target these devices\u202fand products, posing significant risks to all organizations.<br \/>\nThis malware analysis report, co-sealed with\u202fUnited Kingdom National Cyber Security Centre (NCSC-UK),\u00a0provides\u00a0organizations\u202fwith the knowledge to\u00a0help them\u00a0detect and\u202frespond to\u202fFIRESTARTER.\u00a0This report\u00a0provides technical details on threat actor activity, FIRESTARTER\u2019s\u00a0secret to\u00a0achieving\u00a0persistence, as well as\u00a0recommended detection methods,\u202fmitigations\u202fand actions for incident response. 
In this report,\u202fCISA and NCSC-UK assess that an advanced persistent threat (APT)\u202factor exploited CVE-2025-20333 and CVE-2025-20362 in Cisco ASA firmware to gain initial access and deploy FIRESTARTER on Firepower and Secure Firewall devices.<br \/>\n\u201cFIRESTARTER\u202fcan\u202fpersist as an active threat on\u202fCisco ASA\u202fdevices\u202for FTD\u202fsoftware.\u202fCISA encourages\u202forganizations using\u202fthese devices or software\u202fto review\u202fthe\u00a0FIRESTARTER\u202freport,\u202fassess\u202fdevices for\u202fcompromise, implement mitigations,\u202fand\u202freport any findings to\u202fCISA,\u201d\u202fsaid\u202fCISA Acting Director Nick Andersen.\u202f\u201cEvery day, CISA\u202fworks with\u202ffederal\u202fgovernment\u202fand\u202findustry partners to\u202fassess\u202fcyber threats and\u202fpublish actionable information\u202ffor\u202forganizations\u202fto\u202fbetter protect themselves and ensure the integrity of their digital infrastructure.\u201d<br \/>\nDuring proactive monitoring\u202fof\u202fCisco ASA devices\u202fused by FCEB agencies, CISA detected FIRESTARTER malware\u202fthat enabled post-patching persistence. 
CISA analysis\u00a0determined\u00a0that firmware patching\u202factions on compromised devices\u202fdid not necessarily\u202fremove\u202fan existing threat\u202factor.\u202fCISA updates to ED 25-03\u202finclude\u202fidentifying\u202fspecified Firepower and Secure Firewall devices,\u202fcollecting\u202fforensic data,\u202fand applying\u202fnew\u202fvendor-provided updates.<br \/>\nAs FCEB agencies implement the\u202fnew ED 25-03\u202frequirements, CISA will\u202fmonitor\u202fcompliance, provide technical\u202fassistance, and deliver\u202fadditional\u202fresources as needed.<br \/>\nCISA urges\u202fnetwork defenders\u202fusing\u202fCisco Firepower\u202fand Secure\u202fFirewall\u202fproducts\u202frunning\u202fASA\u202for\u202fFTD\u202fsoftware\u202fto review all applicable resources for this release and implement recommended actions.<br \/>\nFor more information, please visit\u202fCybersecurity Directives.<br \/>\nThe original announcement can be found here.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA\u202fWarns\u202fof FIRESTARTER Malware\u202fTargeting Cisco ASA\u202fFirewall\u202fProducts \u2013 HSToday https:\/\/www.hstoday.us\/subject-matter-areas\/cybersecurity\/cisa-warns-of-firestarter-malware-targeting-cisco-asa-firewall-products\/ Publish Date: 2026-04-28 04:52:00 Source Domain: 
www.hstoday.us&#8230;<\/p>\n","protected":false},"author":1,"featured_media":206613,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.hstoday.us\/wp-content\/uploads\/2024\/03\/iStock-1345658709-e1710878254239.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,34],"class_list":["post-206612","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206612"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=206612"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206612\/revisions"}],"predecessor-version":[{"id":206614,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/206612\/revisions\/206614"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/206613"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=206612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=206612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=206612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}