Skip to content
You can now search across every topic, entity and event.What's new
Timeline

FIRESTARTER

UAT-4356's Cisco ASA/Firepower boot-sequence backdoor; survives all patches, removable only by power cycle.

10 of 10 entries (10 events, 0 interactions)

Filters
#818 Jun
#78 Jun

VPN zero-day open a month pre-patch

Cybersecurity: Threats and Defences
#61 Jun
#414 May

Mentioned in: UAT-8616 keeps Cisco SD-WAN under fire

Cybersecurity: Threats and Defences
#411 May
#228 Apr
#224 Apr

Persisted through September 2025 patches inside a federal agency until detected in March 2026

Cybersecurity: Threats and Defences: Federal agency stayed compromised six months
#224 Apr

Persisted in Cisco ASA/FTD boot sequence through all patches; activated via crafted WebVPN magic-packet request

Cybersecurity: Threats and Defences: FIRESTARTER implant survives every Cisco firewall patch
#220 Apr