Dragon's Code: America Under Cyber Siege

Cisco Firewall Fail: China's Cyber Dragons Breach US Defenses!



This is your Dragon's Code: America Under Cyber Siege podcast.
Listeners, Ting here—your favorite cyber sleuth with a knack for all things China, hacking, and a bit of dry wit on the side. Strap in, because the past week has read like the ultimate season finale of Dragon’s Code: America Under Cyber Siege—except this time, the cyber dragons aren’t just at the gates. They’re IN the walls, behind the firewalls, sipping your coffee, and rewriting your router configs.
Let’s get to the breach everyone’s talking about: a wave of sophisticated cyberattacks targeting US infrastructure, especially government networks and anyone using Cisco’s Adaptive Security Appliances. According to Chris Butera, CISA’s acting deputy executive assistant director for cybersecurity, “The threat campaign is widespread.” Translation—bad news for anyone who ever set up a Cisco firewall and thought, “What could go wrong?” These attacks relied on what the cool kids in infosec call zero-days: vulnerabilities that even Cisco didn’t know about until the dragons came roaring through.
Here’s how the offensive unfolded: hackers, believed to be operating out of China and closely tracked as ArcaneDoor, Storm-1849 by Microsoft, or UAT4356 if you like code names, discovered three dangerous vulnerabilities—especially CVE-2025-20333 and CVE-2025-20362. These bugs let attackers send sneaky HTTP(S) requests that give them root privileges or access to restricted URLs without passing Go or collecting $200. The real kicker? This allowed malware implants, remote code execution—basically letting the attackers become admin wizards of your network even after you rebooted the device or updated its firmware. These dragons were burning everything but leaving no smoke, using advanced evasion techniques like disabling logging and disguising commands. Sam Rubin from Palo Alto Networks described it as “a more focused, sophisticated campaign than we’ve seen previously.”
The US Cybersecurity and Infrastructure Security Agency, or CISA, pulled the emergency brake Thursday. All civilian agencies had to test Cisco firewall gear for breaches and unplug compromised units before midnight Friday. Basically: if your firewall so much as coughed, it got yanked out and put in cyber quarantine. Patches were developed and rushed out, with Cisco’s engineers and security wonks burning the midnight oil. Chris Butera noted that it took months of investigation to pin down the root cause, since the attackers had been poking around as early as last November—talk about persistence!
The impact? At least 10 organizations worldwide breached, “hundreds” of potentially vulnerable US devices, and still an uncertain number affected across critical infrastructure. No official US attribution to China yet, but threat intel firms like Palo Alto’s Unit 42 and Censys are confident—the fingerprints all point back to Beijing.
Expert advice? Defensive playbooks got rewritten overnight. Agencies had to hunt for compromise, apply Cisco’s ne
This content was created in partnership with, and with the help of, artificial intelligence (AI).

Dragon's Code: America Under Cyber Siege, by Inception Point AI