A state-sponsored threat actor is currently targeting Cisco Firepower devices, exploiting known vulnerabilities to deploy sophisticated malware. The group tracked as UAT-4356 is exploiting two known vulnerabilities, CVE-2025-20333 and CVE-2025-20362, to compromise systems running the Firepower Extensible Operating System (FXOS).
Exploiting Known Vulnerabilities
According to Cisco Talos, UAT-4356, notorious for the ArcaneDoor campaign, is actively targeting network perimeter devices to conduct espionage. Their current strategy involves introducing a specialized backdoor named
