CISA issued an emergency directive following confirmed compromise of at least one US federal agency by a suspected state-sponsored actor, with available reporting referencing Cisco infrastructure in the directive context; the specific technical vector remains unconfirmed in public sources as of September 25, 2025. The directive falls under Binding Operational Directive authority, reserved for significant-risk intrusions against FCEB networks, indicating CISA assessed the threat as materially serious. Organizations with Cisco infrastructure or federal agency contracts should monitor the CISA Emergency Directives page for public directive release and maintain elevated behavioral monitoring on network infrastructure pending confirmed IOC publication.