Timeline
FIRESTARTER
UAT-4356's Cisco ASA/Firepower boot-sequence backdoor; survives all patches, removable only by power cycle.
10 of 10 entries (10 events, 0 interactions)
Filters
#818 Jun
Mentioned in: 86,644 Fortinet logins become a hit list
Cybersecurity: Threats and Defences#78 Jun
VPN zero-day open a month pre-patch
Cybersecurity: Threats and Defences#61 Jun
Mentioned in: WebLogic flaw revived as ransomware vector
Cybersecurity: Threats and Defences#414 May
Mentioned in: UAT-8616 keeps Cisco SD-WAN under fire
Cybersecurity: Threats and Defences#411 May
Mentioned in: UNC6780 takes Cisco AI Defense source code
Cybersecurity: Threats and Defences#228 Apr
Mentioned in: Scattered Spider's Bouquet arrested in Helsinki
Cybersecurity: Threats and Defences#224 Apr
Persisted through September 2025 patches inside a federal agency until detected in March 2026
Cybersecurity: Threats and Defences: Federal agency stayed compromised six months#224 Apr
Persisted in Cisco ASA/FTD boot sequence through all patches; activated via crafted WebVPN magic-packet request
Cybersecurity: Threats and Defences: FIRESTARTER implant survives every Cisco firewall patch#220 Apr
Mentioned in: CISA gives Cisco SD-WAN three days to patch
Cybersecurity: Threats and Defences#316 Apr