Firestarter Backdoor Survives Cisco Patch Cycles on Firepower Gear

TL;DR Summary
U.S. CISA and U.K. NCSC warn that the Firestarter malware persists on Cisco Firepower/ASA/FTD devices even after patches are applied. It maintains persistence by hooking into the LINA process and relaunching after reboots or firmware updates. Attackers used Line Viper to gain initial access before deploying Firestarter. Cisco provides mitigations and recommends reimaging, with a cold restart as a last resort (which risks disk damage). CISA has released YARA rules to aid detection.
- Firestarter malware survives Cisco firewall updates, security patches (BleepingComputer)
- UAT-4356's Targeting of Cisco Firepower Devices (Cisco Talos Blog)
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches (The Hacker News)
- CISA, NCSC issue Firestarter backdoor warning (theregister.com)
- V1: ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices (CISA, .gov)