US and UK Cybersecurity Agencies Warn of Chinese Hackers Persisting on Cisco Firewalls

US and UK cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), issued warnings about nation-state hackers linked to China persisting on Cisco firewall devices even after patches were applied. The malware, named Firestarter (part of the ArcaneDoor campaign), was discovered on a federal agency’s network, with activity dating back to at least September 2025. The threat targeted network edge devices, allowing attackers to maintain access undetected. CISA issued an emergency directive in response to the findings. No specific CVEs or additional technical indicators were disclosed in the report.