CISA says it observed nearly year-old activity tied to Cisco zero-day attacks | CyberScoop<\/title> <meta name=\"description\" content=\"The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cisa-emergency-directive-timeline-investigation\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CISA says it observed nearly year-old activity tied to Cisco zero-day attacks\"> <meta property=\"og:description\" content=\"The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cisa-emergency-directive-timeline-investigation\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-25T23:34:07+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-25T23:34:10+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1758741389g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86152\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86152\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-emergency-directive-timeline-investigation%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcisa-emergency-directive-timeline-investigation%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86152 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cisa-emergency-directive-timeline-investigation\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.654611211573\">\n<div class=\"single-article__header-content\" readability=\"36.48\">\n<p> The agency, which issued an emergency directive to federal agencies Thursday, said it took months to determine the root cause and mitigate the activity. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86152\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Cisco Systems logo is displayed at the Mobile World Congress (MWC) in Barcelona on February 25, 2019. (GABRIEL BOUYS \/ AFP) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"38.237675637056\"><body readability=\"78.864938608458\"><\/p>\n<p>The Cybersecurity and Infrastructure Security Agency acknowledged it\u2019s yet to get a complete handle on the scope and impact of attacks involving Cisco zero-day vulnerabilities that prompted it to <a href=\"https:\/\/cyberscoop.com\/cisa-emergency-directive-cisco-zero-days\/\">release an emergency directive<\/a> Thursday. <\/p>\n<p>The attack timeline dates back almost a year, according to an investigation Cisco and federal authorities did behind the scenes to identify the root cause and then coordinate the issuance of patches to address software defects under active exploitation. <\/p>\n<p>\u201cWe observed initial activity that we believe was related back in November,\u201d Chris Butera, acting deputy executive assistant director for cybersecurity at CISA, said during a media briefing Thursday. \u201cIt started off as reconnaissance activity on these types of devices, and that\u2019s what kicked off back in November.\u201d<\/p>\n<p>That malicious activity \u2014 read-only memory modification \u2014 \u201cbegan as early as November 2024, if not earlier,\u201d he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>CISA said it\u2019s aware of hundreds of Cisco firewalls in use across the federal government that are potentially susceptible to exploitation. The mandated steps outlined in the emergency directive will help the agency understand the full scope of those devices and the extent of compromise across federal agencies, Butera said.<\/p>\n<p>Critical infrastructure operators are also likely affected, and CISA is asking those organizations to report incidents as they are confirmed, Butera said. <\/p>\n<p>He also addressed a considerable delay from discovery to disclosure. Cisco said it initiated an incident response investigation into the attacks on multiple federal agencies in May, but four months passed before it disclosed the malicious activity and patched the zero-day vulnerabilities. <\/p>\n<p>During that time, CISA chose to hold off on releasing the emergency directive, which requires federal agencies to take immediate action by the end of Friday. <\/p>\n<p>\u201cWith any vulnerability coordination, it takes some time to properly understand what that vulnerability is and whether that vulnerability is being exploited, and some time for the vendors to develop a patch to mitigate that,\u201d Butera said. \u201cSo the timeline involved both investigation and patch development for that process.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>He added that CISA and Cisco collaborated to implement mitigation steps and remediate the malicious activity. The agency also worked with Cisco through the coordinated vulnerability disclosure process \u201cso we could appropriately address the risk as fully as possible during this time,\u201d Butera said.<\/p>\n<p>Federal officials are concerned attacks may accelerate or shift in the wake of CISA\u2019s effort to prod agencies to thwart the threat. <\/p>\n<p>\u201cAs soon as these vulnerabilities are released to the threat actor, we believe the threat actor will likely try to pivot and change tactics,\u201d Butera said. \u201cWe think it\u2019s really important for our organization to try to detect that threat actor activity as quickly as possible, so that is what\u2019s driving the tight timeline.\u201d <\/p>\n<p>Officials declined to discuss the attackers\u2019 origins or motivations in detail. Butera said CISA is not focused on attribution at this time, and he did not confirm research from outside threat intelligence firms pinning the espionage attacks on a China state-affiliated threat group tracked as UAT4356 and Storm-1849. <\/p>\n<p>Butera said the espionage attacks linked to the Cisco zero-day vulnerabilities are separate and not connected to the widespread and ongoing China state-sponsored attack spree Mandiant and Google Threat Intelligence Group researchers <a href=\"https:\/\/cyberscoop.com\/chinese-cyberespionage-campaign-brickstorm-mandiant-google\/\">warned about Wednesday<\/a>. Those attacks also involve exploitation of network edge devices.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3771106941839\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cisa-emergency-directive-timeline-investigation\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA says it observed nearly year-old activity tied to Cisco<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[271,1209,1764,1753,78,452,624,3119,117,310,288,643,1544,1170],"tags":[277,668,1769,1756,86,454,629,3120,119,311,294,645,1545,1171],"class_list":["post-8023","post","type-post","status-publish","format-standard","hentry","category-china","category-cisa","category-cisco","category-cyber-espionage","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-espionage","category-firewall","category-government","category-technology","category-threats","category-vulnerabilities","category-zero-day","category-zero-days","tag-china","tag-cisa","tag-cisco","tag-cyber-espionage","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-espionage","tag-firewall","tag-government","tag-technology","tag-threats","tag-vulnerabilities","tag-zero-day","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisco\/\" rel=\"category tag\">Cisco<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cyber-espionage\/\" rel=\"category tag\">cyber espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day\/\" rel=\"category tag\">Zero-day<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8023"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8023\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8023,"date":"2025-09-25T18:34:07","date_gmt":"2025-09-25T23:34:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86152"},"modified":"2025-09-25T18:34:07","modified_gmt":"2025-09-25T23:34:07","slug":"cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/25\/cisa-says-it-observed-nearly-year-old-activity-tied-to-cisco-zero-day-attacks\/","title":{"rendered":"CISA says it observed nearly year-old activity tied to Cisco zero-day attacks"},"content":{"rendered":"