Hackers use F5 BIG-IP malware to stealthily steal data for years
Security News, June 2024
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' is deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.
Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.
The attackers used the compromised F5 BIG-IP appliance to retain persistence on the network, allowing them to gain access to the internal network while blending attacker traffic with legitimate network traffic, making detection more difficult.
In 2023, China-linked hackers exploited Fortinet zero-days to install a custom implant to steal data and pivot to VMware ESXi and vCenter servers.
More recently, suspected state-sponsored threat actors exploited a Palo Alto Networks zero-day to install a custom backdoor to breach internal networks and steal data and credentials.