CISA Hunts for Cisco Backdoor Spotted on Federal Network

'Firestarter' Backdoor Can Survive Reboots, Upgrades and Standard Fixes Chris Riotta (@chrisriotta) • April 24, 2026

The U.S. cyber defense agency is ordering federal agencies to hunt for a previously unknown, persistent backdoor after spotting it on a Cisco security appliance meant to shield a federal civilian agency.

See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?

The Cybersecurity and Infrastructure Security Agency and its British counterpart warned in a Thursday malware analysis report that the custom implant, dubbed "Firestarter," is targeting Cisco Adaptive Security Appliance and Firepower devices. CISA should know, since it identified the backdoor after detecting suspicious connections on a federal network, activity that led to a forensic investigation that turned up the implant.

The hackers - there's no public attribution - initially deployed a shellcode loader tracked by the U.K. National Cyber Security Center as Line Viper but later ...