Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks


Thousands of networks, many of them run by the US government and Fortune 500 companies, face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major software maker, the federal government warned Wednesday.

F5, a Seattle-based maker of networking software, disclosed on Wednesday that a “sophisticated” threat group working for an undisclosed nation-state government had secretly and persistently resided on its network for a “long period.” Security researchers who have responded to similar intrusions in the past took that language to mean the hackers were inside the F5 network for years.

Unprecedented

During that time, F5 said, the hackers took control of the network segment that the company uses to create and distribute updates for BIG-IP, a line of F5 server appliances that the company says is used by 48 of the world’s top 50 corporations. Wednesday’s disclosure said the threat group downloaded proprietary BIG-IP source code and information about a privately discovered but not-yet-patched vulnerability. The hackers also obtained configuration settings that some customers used inside their networks.

Control of the build systems, together with access to source code, customer configurations, and documentation of unpatched vulnerabilities, gives the hackers unprecedented knowledge of those vulnerabilities and the ability to exploit them in supply-chain attacks on thousands of networks, many of them sensitive. F5 and outside security experts say the theft of customer configurations and other data also increases the risk that sensitive credentials will be misused.

Customers place BIG-IP at the edge of their network, where it serves as a load balancer and firewall and inspects and encrypts data going in and out of the network. Given BIG-IP’s position on the network and its role in managing traffic for web servers, previous compromises have allowed adversaries to extend their access to other parts of an infected network.

F5 said investigations by two outside intrusion-response firms have yet to find any evidence of a supply-chain attack. The company attached letters from IOActive and NCC Group attesting that their analysis of the source code and build pipelines did not uncover any signs that a “threat actor modified or introduced any vulnerabilities to in-scope items.” The firms also said they had not identified any evidence of serious vulnerabilities in the system. Investigators, who also included Mandiant and CrowdStrike, found no evidence that F5’s CRM, financial, support case management, or health system data had been accessed.

The company released updates for its BIG-IP, F5OS, BIG-IQ, and APM products; the CVE designations and other details are available here. F5 rotated its BIG-IP signing certificate two days ago, although it was not immediately confirmed that the move was in response to the breach.
