Security News > 2024 > June > Hackers use F5 BIG-IP malware to stealthily steal data for years
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.
Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.
The attackers used the compromised F5 BIG-IP appliance to retain persistence on the network, allowing them to gain access to the internal network while blending attacker traffic with legitimate network traffic, making detection more difficult.
In 2023, China-linked hackers exploited Fortinet zero-days to install a custom implant to steal data and pivot to VMWare ESXi and vCenter servers.
More recently, suspected state-sponsored threat actors exploited a Palo Alto Networks zero-day to install a custom backdoor to breach internal networks and steal data and credentials.
Chinese hackers hide on military and govt networks for 6 years.
News URL
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- New FireScam Android malware poses as RuStore app to steal data (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)