The U.S. government’s cyber defense agency has issued an urgent warning after discovering that hackers are exploiting a newly identified flaw in Cisco security appliances.
In a directive released Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) ordered federal IT teams to immediately identify all vulnerable devices connected to their systems, inspect them for potential intrusions, and implement the necessary security patches within just over 24 hours.
“This widespread campaign poses a significant risk to victims’ networks,” CISA said in a statement.
The flaw impacts certain Cisco Adaptive Security Appliance (ASA) 5500-X Series units, which serve as firewalls shielding business networks from cyberattacks.
Related story: Collins Aerospace Races to Restore Airline Software After Cyberattack
Firewalls Under Attack
Although these devices are intended to strengthen network defenses, their constant online exposure and the common issue of outdated software make them a prime target for hackers.
Verizon’s annual cybersecurity breach report, released in May, highlighted a sharp rise in attacks against network edge devices throughout 2024.
Cisco, in a separate blog post published Thursday, acknowledged that the malicious activity targeting its products was both advanced and highly organized.
The company linked the attacks to a previously identified cyberespionage campaign known as ArcaneDoor.
According to research by the internet intelligence group Censys, ArcaneDoor has been connected to Chinese state-linked operators, though Beijing consistently rejects accusations of involvement in such incidents.
Cisco emphasized the importance of customers acting swiftly by following the company’s security guidance to confirm “exposure and courses of action.”
Rising Cybersecurity Urgency
This discovery underscores a recurring challenge: the very technologies meant to safeguard systems often become gateways for attackers if not carefully maintained.
For agencies and businesses alike, the CISA directive highlights how quickly defensive measures must be deployed in the face of sophisticated threats.
As hackers continue to refine their strategies, experts warn that vigilance and timely updates remain the strongest tools against intrusions.
Cisco’s response and CISA’s emergency measures reflect the growing urgency around protecting critical digital infrastructure from increasingly complex campaigns.
Read next: Cyberattack Paralyzes European Air Travel as Brussels Airport Cancels Half of Monday Flights