RE: https://mastodon.social/@campuscodi/115266344327722174

RE: https://mastodon.social/@campuscodi/115266344327722174

CISA has ordered federal agencies to install updates by the end of the week: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices

This looks to be the new malware deployed in attacks: https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices

Threat actor is Storm-1849, the same one behind ArcaneDoor: https://sec.cloudapps.cisco.com/security/center/resources/detection_guide_for_continued_attacks