U.S. cybersecurity agency CISA says federal government departments are not sufficiently patching to protect against an active hacking campaign targeting Cisco firewalls.
In an updated advisory published Wednesday, CISA said that it was currently “tracking active exploitation” of two security flaws in Cisco’s Adaptive Security Appliance (ASA) software, which powers a range of enterprise-grade firewalls used by corporate giants and government agencies to protect their networks from malicious outsiders.
CISA said the flaws have been abused by an “advanced” but as-yet-unnamed threat actor since September, which prompted the agency to issue its third emergency directive of the year, ordering agencies to patch their affected systems.
While some federal agencies told the agency that they had patched their systems, CISA said some agencies were “still vulnerable” to the threats as outlined in the agency’s directive.
The agency did not say which government departments had been compromised, but urged all agencies with affected Cisco devices to update to the latest patch version to avoid exploitation.
Last week, the Congressional Budget Office confirmed it had been hacked, allowing suspected foreign hackers to steal the agency’s emails and chat logs between lawmakers’ offices and the agency’s researchers.
The CBO, which offers economic analysis and information to lawmakers, would not say how the hackers got in, but security researcher Kevin Beaumont found that the CBO had an affected Cisco firewall that hadn’t been patched prior to the U.S. government shutdown on October 1. The CBO pulled the affected Cisco router offline shortly before disclosing the hack.
