Security News > 2024 > June > Hackers use F5 BIG-IP malware to stealthily steal data for years

Hackers use F5 BIG-IP malware to stealthily steal data for years
2024-06-17 17:37

A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.

Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.

The attackers used the compromised F5 BIG-IP appliance to retain persistence on the network, allowing them to gain access to the internal network while blending attacker traffic with legitimate network traffic, making detection more difficult.

In 2023, China-linked hackers exploited Fortinet zero-days to install a custom implant to steal data and pivot to VMWare ESXi and vCenter servers.

More recently, suspected state-sponsored threat actors exploited a Palo Alto Networks zero-day to install a custom backdoor to breach internal networks and steal data and credentials.

Chinese hackers hide on military and govt networks for 6 years.


News URL

https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 211 52 502 206 41 801