Briefings are running a touch slower this week while we rebuild the foundations.See roadmap

Timeline

FIRESTARTER

UAT-4356's Cisco ASA/Firepower boot-sequence backdoor; survives all patches, removable only by power cycle.

5 of 5 entries (5 events, 0 interactions)

Filters

EventsMentionsInteractions

#228 Apr

Mentioned in: Scattered Spider's Bouquet arrested in Helsinki

Cybersecurity: Threats and Defences

#224 Apr

Persisted through September 2025 patches inside a federal agency until detected in March 2026

Cybersecurity: Threats and Defences: Federal agency stayed compromised six months

#224 Apr

Persisted in Cisco ASA/FTD boot sequence through all patches; activated via crafted WebVPN magic-packet request

Cybersecurity: Threats and Defences: FIRESTARTER implant survives every Cisco firewall patch

#220 Apr

Mentioned in: CISA gives Cisco SD-WAN three days to patch

Cybersecurity: Threats and Defences

#316 Apr

Mentioned in: CL-STA-1132 exploited PAN-OS since 16 April, log destruction confirmed

Cybersecurity: Threats and Defences

← Back to FIRESTARTER