An Iranian group of hackers attacked the F5 network devices

Iranian hacker groups are attacking F5 network devices, according to an FBI security warning issued last week, which said that Iranian hacking groups are targeting private and government agencies in the United States.

Although the alert did not identify the hackers by name, a source said the group is tracked by the cybersecurity community under codenames such as Fox Kitten or Parasite.

A former government cybersecurity analyst who now works for a private security firm describes the organization as the Iranian backbone involved in cyber attacks.

The group's main task is to establish the initial point of access for other Iranian hacker groups such as Shamoon, OilRig or Chafer.

To achieve its goal, Fox Kitten uses exploits for recently disclosed vulnerabilities to attack complex and expensive network hardware before companies have had time to patch the devices.

Because of the type of equipment being attacked, the targets are mostly large private companies and government networks.

Once the hackers access the device, they install a backdoor and turn the device into a gateway to the infected network.

Fox Kitten has been using this method of operation since the summer of 2019, according to a report released by cybersecurity companies ClearSky and Dragos earlier this year.

The group focused on security vulnerabilities in products such as Pulse Secure, Fortinet VPN, Palo Alto Networks, Citrix ADC server, and Citrix web portal.

According to the notice, the group is still targeting these vulnerabilities but has updated its arsenal to include exploits for vulnerabilities that affect BIG-IP, a very popular multifunctional networking device from F5 Networks.

The FBI did not use a common name to identify the group, but it cited previous attacks on secure VPNs and Citrix portals.

Once the hackers enter a network, they will likely hand access to other Iranian groups or deploy ransomware to make use of networks that are of no value for spying activities.

FBI officials have also warned that the group is not targeting a specific sector and that any company operating BIG-IP could become a target.

The FBI is urging US companies to patch their BIG-IP devices to prevent successful attacks.

FBI officials have also shared details of typical Fox Kitten attacks so that companies can take countermeasures.

Although not mentioned in the FBI warning, the source indicated that the Fox Kitten attack on BIG-IP was successful.

It should be noted that the Iranian government-sponsored hacking group is not the only one exploiting the BIG-IP vulnerability, as several hacker groups began exploiting the vulnerability within two days of the detailed information being published.
