FIRESTARTER Backdoor Compromises Federal Agency's Cisco Firepower Device

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 using a previously unknown malware named FIRESTARTER. The backdoor, identified by CISA and the U.K.'s National Cyber Security Centre (NCSC), is designed for remote access, though specific attack vectors and persistence mechanisms remain undisclosed. No CVE identifiers or additional technical indicators were provided in the report. The incident highlights a targeted breach of a federal network security appliance, with the malware surviving security patches applied to the device. The disclosure does not specify the operational impact or attribution of the threat actor.