Iranian Hackers Target Critical Vulnerability in F5's BIG-IP (Security News, September 2020)
A hacking group believed to be linked to the Iranian government was observed targeting a critical vulnerability that F5 Networks addressed in its BIG-IP application delivery controller in early July.
Tracked as CVE-2020-5902 and featuring a CVSS score of 10, the vulnerability allows remote attackers to take complete control of a targeted system.
One threat group targeting the vulnerability, CrowdStrike notes in a blog post, is PIONEER KITTEN, an Iran-based cyber-espionage group believed to be "a contract element operating in support of the Iranian government."
The group's focus is on "Gaining and maintaining access to entities possessing sensitive information of likely intelligence interest to the Iranian government," CrowdStrike notes.
"The widespread nature of PIONEER KITTEN's target scope is likely a result of the adversary's opportunistic operational model; the entities apparently of most interest to the adversary are technology, government, defense, and healthcare organizations," CrowdStrike says.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-01 | CVE-2020-5902 | Path Traversal vulnerability in F5 products. In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 9.8 |