1. Threat Overview
CISA warns of FIRESTARTER malware targeting Cisco ASA, Firepower, and Secure Firewall products. The malware exploits unknown vulnerabilities to gain persistence and execute malicious activities. The attack vector is unknown.
2. Key Intelligence Points
1. FIRESTARTER malware targets Cisco ASA, Firepower, and Secure Firewall products.
2. Unknown vulnerabilities are being exploited to gain persistence and execute malicious activities.
3. The attack chain involves exploiting unknown vulnerabilities to gain persistence and execute malicious activities.
4. Detection opportunities include monitoring for suspicious network activity and analyzing system logs for signs of persistence.
3. MITRE ATT&CK Techniques
T1053.005 Boot or System Services: Abuse Elevation Control to Gain Elevated Creativity
4. Indicators of Compromise (IOCs) / Affected Systems
FIRESTARTER malware, unknown filenames, unknown registry keys, unknown IP addresses, unknown domains, unknown hashes, unknown affected versions
5. Mitigation & Detection
Apply the latest security patches to Cisco ASA, Firepower, and Secure Firewall products to prevent exploitation of unknown vulnerabilities.