NCSC warns of persistent malware campaign [RayInitiator and LINE VIPER] targeting Cisco devices

In a significant update on a previous malicious campaign exposed last year, Cisco has said the same threat actor has exploited new vulnerabilities in Cisco Adaptive Security Appliance (ASA) 5500-X Series devices to implant malware, execute commands, and potentially exfiltrate data from compromised devices.

As some Cisco ASA 5500-X series models will be out of support from September 2025 and August 2026, the NCSC strongly recommends that, where practicable, such devices be replaced or upgraded. Obsolete and end-of-life devices present a significant security risk to organisations.

The RayInitiator and LINE VIPER malware represents a significant evolution on that used in the previous campaign, both in its sophistication and in its ability to evade detection. More information on managing obsolete and end-of-life devices can be found in the device security guidance.

To read the complete article, see NCSC, as well as the Malware Analysis Report and Cisco Security Guidance.

This post is licensed under CC BY 4.0 by the author.