China Hack Report: Daily US Tech Defense
Cisco Firewalls Ablaze: China's Ghostly Hack Bonanza Sparks Fed Frenzy
26 Sep 2025
This is your China Hack Report: Daily US Tech Defense podcast.

Buckle up, listeners, Ting here, and no, I haven’t slept for two days—because China-linked hackers certainly haven’t. Let’s dive straight into today’s headline: US agencies are scrambling to patch and contain a very modern cyber onslaught, with Cisco firewalls smack in the crosshairs, and old-school espionage tools making a comeback.

Here’s the firewall drama: The Cybersecurity and Infrastructure Security Agency, CISA, just issued one of those red-alert, drop-everything emergency directives. Why? Because Cisco’s Adaptive Security Appliances and Secure Firewalls—think the Six Million Dollar Man of network defense—were found riddled with three zero-day vulnerabilities, slickly catalogued as CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363. And it’s not theory—the hackers already have their hands in the cookie jar, exploiting at least two of these holes. Who’s behind it? Most experts, including Palo Alto Networks’ Unit 42 and Censys, trace the moves back to a sophisticated China-based espionage group known as ArcaneDoor, or UAT4356, alias Storm-1849 in Microsoft lingo.

The playbook was nothing short of “Ocean’s Eleven: Cyber Edition.” These attackers slip in through overlooked VPN flaws, implant custom malware, tinker with device memory, and sometimes even crash devices just to stall forensics. Experts at Cisco have seen them disable logs, intercept command-line commands, and generally act like ghosts in the digital machinery. To make matters worse, some attacks may have brewed, undetected, since November of last year.

But here’s the kicker for the enterprise crew: CISA is ordering every federal agency to identify all Cisco ASA and Firepower devices, collect and send memory dumps for forensic analysis, and disconnect outdated devices—by the end of today. No one’s being spared: public, private, critical infrastructure—you’re all on the guest list. Cisco has dropped fresh patches, but has told users to rotate every credential, update devices, scour configs, and treat any compromised box like it’s singing for the other side.

And oh, while you’re busy wrestling firewalls, don’t forget about GeoServer—a widely used mapping platform—which is caught up in its own cyber soap opera. An unnamed US civilian agency was hit hard after running an unpatched version, CVE-2024-36401. The attackers loaded web shells, including that infamous China Chopper, brute-forced credentials, hijacked internal accounts, and grabbed sensitive data—all while evading detection for almost three weeks. The initial alarm only rang when an endpoint detection tool finally bleeped about suspicious files chilling on the SQL server.

CISA’s audits have since flagged rampant issues like weak passwords, duplicate admin creds, insecure remote access, and even shoddy logging. In a separate advisory, CISA basically yelled, “Scan your systems ASAP and fix those holes before Beijing’s A-team upgrades from firewalls to everything else you forgot to patch.”

Takeaways for today? Patch now, patch fast, and—seriously—rotate those passwords. If you’re running ASA 5500-X series firewalls or unpatched GeoServer, it’s officially DEFCON 1 in your IT department.

That’s all for this round of China Hack Report: Daily US Tech Defense. Stay vigilant, keep things patched, and remember, your network is only one sleepy admin away from being global headline material. Thanks for tuning in, and don’t forget to subscribe. This has been a quiet please production, for more check out quiet please dot ai.

For more http://www.quietplease.ai

This content was created in partnership and with the help of Artificial Intelligence AI