Cisco firewall zero-days and bootkits in the wild

Three Buddy Problem - Episode 65: We zero in on one of the biggest security stories of the year: the discovery of a persistent multi-stage bootkit implanting malware on Cisco ASA firewalls. Details on a new campaign, tied to the same threat actors behind ArcaneDoor, exploiting zero-days in Cisco’s 5500-X series appliances, devices that sit at the heart of government and enterprise networks worldwide.

Plus, Cisco’s controversial handling of these disclosures, CISA's emergency deadlines for patching, the absence of IOCs and samples, and China’s long-term positioning. Plus, thoughts on the Secret Service SIM farm discovery in New York and evidence of Russians APTs Turla and Gamaredon collaborating to hit Ukraine targets.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

• Transcript (unedited, AI-generated)
• Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
• Mandiant Brickstorm Scanner
• Cisco advisory: Continued Attacks Against Cisco Firewalls
• NCSC report on Cisco ASA bootkit in the wild
• U.S. government scrambles to stop new hacking campaign blamed on China
• US Secret Service Statement on SIM Farm Discovery
• NYTimes: Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.
• Airport chaos: Ransomware hits airport check-in systems
• NCSC statement: Incident impacting Collins Aerospace
• Gamaredon X Turla collab