The FBI has warned that Iranian hackers are using the BIG-IP exploit to attack US private and government networks.
In the security alert, the FBI did not name any specific group or campaign but ZDNet’s sources told the publication “the group is tracked by the larger cyber-security community under codenames such as Fox Kitten or Parasite.”
The alert suggests the hackers are taking advantage of the CVE-2020-5902 vulnerability discovered in July.
CVE-2020-5902 affects BIG-IP, a popular multi-purpose networking device manufactured by F5 Networks which is widely used in data centers and cloud environments. An exploit taking advantage of the BIG-IP bug has recently been spotted as part of a Mirai-based DDoS botnet.
Relations between Washington and Tehran have deteriorated further over the past year. Just last week, Iran deployed a fake US aircraft carrier which it uses for target practice in a show of force (which it accidentally sank.)
The majority of battles today are fought in the cyber world, but that doesn’t make them any less dangerous. In fact, some experts claim the risk from cyber warfare is on par with nuclear and climate change.
Many cyberattacks are attributed to Iran but they’re generally regarded as less-sophisticated compared to countries with advanced cyber capabilities such as China and Russia.
Researchers from ClearSky published a report (PDF) in February detailing an Iranian offensive cyber campaign dubbed Fox Kitten which has been ongoing for at least three years and targets various industries, predominantly in the US and Israel.
ClearSky’s report earlier in the year identified four main vulnerabilities Fox Kitten was exploiting:
Pulse Secure “Connect” enterprise VPNs (CVE-2019-11510)
Fortinet VPN servers running FortiOS (CVE-2018-13379)
Palo Alto Networks “Global Protect” VPN servers (CVE-2019-1579)
Citrix “ADC” servers and Citrix network gateways (CVE-2019-19781)
The researchers said that Fox Kitten is “among Iran’s most continuous and comprehensive campaigns revealed until now” and gave a “medium probability” rating that various Iranian state-sponsored hacking groups are working together on the campaign.
Security experts suspect the attacks are state-sponsored due to the hackers’ choice of targets – which appear intended to cause chaos and gain access to information, rather than for any financial gain.
Source » telecomstechnews