US cyber officials issue ‘emergency directive’ after hackers breach government agency
U.S. cyber security officials have issued an “emergency directive” after hackers breached at least one government agency.
The Cybersecurity and Infrastructure Security Agency said it was aware of an “ongoing exploitation campaign by an advanced threat actor” that was targeting appliances made by Cisco Systems.
CISA did not specify which agencies have been affected, or how, or where the threat had come from, though experts told CNN they believe the hackers are state-backed and based in China.
The hackers, who are believed to have targeted Cisco previously, have been exploiting previously unknown flaws in the software for several months. Their activity presents “a significant risk to victim networks,” according to CISA.
“We are aware of hundreds of these [affected] devices being in the federal government,” said Chris Butera, a senior official at the Cybersecurity and Infrastructure Security Agency, according to CNN.
He added that the emergency directive will help officials understand “the full scope of the compromise across federal agencies.”
In its own release, Cisco said it had been made aware of the breaches by multiple government agencies in May 2025, and had “dedicated a specialized, full-time team to this investigation, working closely with a limited set of affected customers.
“Our response involved providing instrumented images with enhanced detection capabilities, assisting customers with the analysis of packet captures from compromised environments, and conducting in-depth analysis of firmware extracted from infected devices,” the release said.
“These collaborative and technical efforts enabled our teams to ultimately identify the underlying memory corruption bug in the product software.”
According to the company, the attackers were observed to have exploited “multiple zero-day vulnerabilities and employed advanced evasion techniques.”
“The complexity and sophistication of this incident required an extensive, multi-disciplinary response across Cisco’s engineering and security teams,” Cisco’s statement added.
The company said it believes “with high confidence” that the most recent attack is related to the same threat actor as the ArcaneDoor attack campaign reported in early 2024.
Cisco has urged its customers to update their software following the attacks.
The Independent has reached out to CISA and Cisco for comment and any updates regarding the breach, including which agencies may have been targeted.