Governments on high alert after CISA snuffs out Firestarter backdoor on fed network

A US federal agency was successfully targeted by a previously unknown backdoor malware called Firestarter, according to CISA cybersnoops and their UK counterparts – neither of which disclosed the agency's name.

Federal Civilian Executive Branch (FCEB) agencies include NASA; Homeland Security itself (cyberworkers at CISA are part of an operational unit in Homeland Security); the FBI; the DoJ; the IRS; the Department of Veteran Affairs; the Department of Health and Human Services (HHS); and more.

Described as a backdoor with remote access capabilities, Firestarter was named after Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD), the two products the malware targeted.

The CISA advisory states that only one FCEB agency was attacked with the malware, although it is suspected of being part of a wider campaign targeting government and critical national infrastructure networks in particular. 

Further, the lone incident CISA investigated so far involved ...