According to a Private Industry Notification (PIN) the FBI issued last week, Iranian state-sponsored hackers are actively exploiting a vulnerability in F5's BIG-IP devices to install backdoors for future use. This led companies using the vulnerable BIG-IP devices to disconnect them from the network and check for compromises that may already have taken place.
Iranian Hackers Target BIG-IP Devices to Install Backdoors
Ever since the US killed Iran's top military general in January this year, the Iranian government has been conspiring to launch cyber attacks against US companies in vengeance. In the latest warning, issued by the FBI last week to all private companies in the US, Iranian state-sponsored hackers are said to be targeting a vulnerability in F5's BIG-IP devices.
BIG-IP is a multi-purpose networking and application delivery device used by several companies for communications. A vulnerability found in these devices, tracked as CVE-2020-5902, can let attackers gain unauthorized network access. Though the FBI didn't specifically name the malicious group, it's touted to be Fox Kitten (Parisite) from Iran.
The Fox Kitten group is the spearhead of Iranian cyber-espionage attacks: it actively exploits any zero-day bugs found in high-end devices to install backdoors, then passes that access to other APTs for further exploitation. The group has previously attacked Palo Alto Networks “Global Protect” VPN servers, Fortinet VPN servers running FortiOS, Pulse Secure “Connect” enterprise VPNs, and Citrix “ADC” servers and Citrix network gateways.
Since the group exploits vulnerable devices even before the maker releases a patch, users are advised to stay aware of such vulnerabilities. The FBI has also provided Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) in its alert, and F5 too has published an advisory. Companies using BIG-IP devices are advised to use the CVE-2020-5902 IOC Detection Tool to scan for possible threats.