The U.S. cybersecurity agency CISA has reported that federal agencies are failing to adequately update their systems to defend against an ongoing hacking operation targeting Cisco firewalls.
In a revised advisory released on Wednesday, CISA noted it is currently “monitoring ongoing attacks” that exploit two vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) software. This software is used in a variety of high-level firewalls that help major corporations and government bodies shield their networks from cyber threats.
According to CISA, these vulnerabilities have been exploited by a sophisticated, yet unidentified, threat group since September. This activity led the agency to issue its third emergency directive this year, requiring agencies to update their vulnerable systems.
Although some federal departments reported to CISA that they had applied the necessary patches, the agency stated that several others “remain at risk” from the threats described in its directive.
CISA did not disclose which specific government entities had been breached, but strongly advised all agencies using impacted Cisco equipment to install the latest security updates to prevent further attacks.
Just last week, the Congressional Budget Office revealed it had suffered a cyberattack, which enabled suspected foreign hackers to access the agency’s emails and internal communications between lawmakers and CBO staff.
The CBO, which provides lawmakers with economic reports and analysis, did not specify how the attackers gained access. However, security expert Kevin Beaumont discovered that the CBO had a vulnerable Cisco firewall that had not been updated before the U.S. government shutdown on October 1. The agency disconnected the compromised Cisco device shortly before making the breach public.
