Security News > 2024 > June > Hackers use F5 BIG-IP malware to stealthily steal data for years
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.
Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.
The attackers used the compromised F5 BIG-IP appliance to retain persistence on the network, allowing them to gain access to the internal network while blending attacker traffic with legitimate network traffic, making detection more difficult.
In 2023, China-linked hackers exploited Fortinet zero-days to install a custom implant to steal data and pivot to VMWare ESXi and vCenter servers.
More recently, suspected state-sponsored threat actors exploited a Palo Alto Networks zero-day to install a custom backdoor to breach internal networks and steal data and credentials.
Chinese hackers hide on military and govt networks for 6 years.
News URL
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)
- Chinese hackers use custom malware to spy on US telecom networks (source)