FIRESTARTER Malware Affects Cisco Firepower Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a security incident involving an unnamed federal agency. A Cisco Firepower device running the Adaptive Security Appliance (ASA) software was compromised in September 2025 by a new malware called FIRESTARTER. This malware is classified by CISA and the UK’s National Cyber Security Centre (NCSC) as a backdoor designed for remote access. FIRESTARTER allows attackers to gain unauthorized access to the affected systems.

The malware was developed to bypass security measures and remains active even after security updates and patches have been applied. This poses a significant threat to the integrity and confidentiality of the data processed on these devices. The discovery of the malware occurred during routine checks by CISA, aimed at ensuring cybersecurity in critical infrastructures. The agency has taken immediate steps to isolate the affected systems and analyze the security vulnerabilities. The exact method by which the malware infiltrated the system is currently under investigation.

In addition to CISA's actions, the affected federal agency has also reviewed and strengthened its internal security protocols. Experts warn that the use of outdated software and inadequate security measures can increase the likelihood of such attacks. CISA has urged all federal agencies to check their systems for similar vulnerabilities and ensure that all security updates are installed promptly. The FIRESTARTER malware could also affect other organizations and companies using similar Cisco Firepower devices. Security experts recommend enhancing network security and conducting regular audits to identify potential vulnerabilities early.

CISA has already issued a technical alert containing specific instructions for detecting and combating the malware. The threat posed by FIRESTARTER is not the first of its kind to challenge security agencies. In recent years, numerous cyberattacks on critical infrastructures have increased, underscoring the need for a robust cybersecurity strategy. CISA has emphasized that collaboration between various agencies and the private sector is crucial for effectively combating such threats. The vulnerability exploited by FIRESTARTER may also exist in other software versions.

CISA has urged affected organizations to regularly check their systems for updates and ensure compliance with all security policies. The agency plans to release further information about the malware and its impacts in the coming weeks. CISA has already made several recommendations to enhance system security, including the implementation of multi-factor authentication and training employees on cyber threats. These measures aim to minimize the risk of a successful attack and improve responsiveness in the event of an incident.

The exact number of affected systems and the potential impact on national security are currently unclear. However, CISA has stressed that the situation is being taken seriously and all necessary steps are being taken to neutralize the threat. The agency will continue to work closely with the affected organizations to ensure the security of critical infrastructures. CISA plans to provide comprehensive security updates for all affected systems by the end of May 2026 to mitigate the impacts of FIRESTARTER.