Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Thousands of networks, many of them run by the U.S. government and Fortune 500 companies, face an “imminent threat” of being hacked by a nation-state hacking group after a major software maker was hacked, the federal government warned Wednesday.
F5, a Seattle-based networking software company, disclosed the breach Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently resided in its network over the “long term.” Security researchers who have responded to similar hacks in the past took the language to mean that the hackers were inside the F5 network for years.
During that period, F5 said, the hackers took control of a network segment that the company uses to create and distribute updates for BIG-IP, a line of server hardware that F5 says is used by 48 of the world’s top 50 companies. Wednesday’s disclosure went on to say that the threat group downloaded private BIG-IP source code and information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings used by some customers within their networks.
Control of the build system, access to source code and client configurations, and documentation of unpatched vulnerabilities have the potential to give hackers unprecedented knowledge of vulnerabilities and the ability to exploit them in supply chain attacks on thousands of networks, many of which are sensitive. F5 and outside security experts said the theft of client configurations and other data increases the risk of sensitive credentials being misused.
Customers place BIG-IP at the edge of their networks to use as load balancers and firewalls, and to inspect and encrypt data passing in and out of networks. Given BIG-IP’s network location and its role in managing traffic to web servers, previous compromises have allowed adversaries to expand their access to other parts of an infected network.
F5 said investigations by two third-party companies brought in to respond to the intrusion have yet to find any evidence of supply chain attacks. The company attached letters from IOActive and NCC Group attesting that analyses of the source code and build pipeline revealed no signs that “the threat actor modified or introduced any vulnerabilities to the elements in scope.” The companies also said they had not identified any evidence of critical vulnerabilities in the system. Investigators, including Mandiant and CrowdStrike, found no evidence that data was accessed from customer relationship management systems, financial systems, support case management, or health systems.
The company has released updates for its BIG-IP, F5OS, BIG-IQ, and APM products. CVE designations and other details are here. Two days ago, F5 rotated BIG-IP signing certificates, although there was no immediate confirmation that the move was in response to the hack.