FBI says an Iranian hacking group is targeting F5 networking devices

ABOUT F5 NETWORKS

F5 Networks, Inc. is an American company that specializes in application services and application delivery networking (ADN). F5 technologies focus on the delivery, security, performance, and availability of web applications, including the availability of computing, storage, and network resources. F5 is headquartered in Seattle, Washington, with additional development, manufacturing, and administrative offices worldwide.

F5's offering was originally based on a load-balancing product, but has since expanded to include acceleration, application security, and DDoS defense. F5 technologies are available in data center and cloud environments.

----------------------------------------------------------------------------------------------------------------------------------------------

A group of elite hackers associated with the Iranian government has been detected attacking the US private and government sector, according to a security alert sent by the FBI last week.

While the alert, called a Private Industry Notification, didn't identify the hackers by name, sources have told ZDNet that the group is tracked by the larger cyber-security community under codenames such as Fox Kitten or Parisite.

IRAN'S CYBER OPERATIONS "SPEAR TIP"

A former government cyber-security analyst, now working for a private security firm, called the group Iran's "spear tip" when it comes to cyber-attacks.

He described the group's primary task as having to provide an "initial beachhead" to other Iranian hacking groups — such as APT33 (Shamoon), Oilrig (APT34), or Chafer.

To reach its goals, Fox Kitten primarily operates by attacking high-end and expensive network equipment using exploits for recently disclosed vulnerabilities, before companies have had enough time to patch devices. Due to the nature of the devices they attack, targets primarily include large private corporations and government networks.

Once the hackers gain access to a device, they install a web shell or backdoor, transforming the equipment into a gateway into the hacked network.

According to reports published by cyber-security firms ClearSky and Dragos earlier this year, Fox Kitten has been using this modus operandi since the summer of 2019, when it began heavily targeting vulnerabilities such as:

  • Pulse Secure "Connect" enterprise VPNs (CVE-2019-11510)
  • Fortinet VPN servers running FortiOS (CVE-2018-13379)
  • Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579)
  • Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)

FBI WARNS OF NEW ATTACKS TARGETING F5 BIG-IP DEVICES

The FBI notification sent out to the US private sector last week says the group still targets these vulnerabilities, but Fox Kitten also upgraded its attack arsenal to include an exploit for CVE-2020-5902, a vulnerability disclosed in early July that impacts BIG-IP, a very popular multi-purpose networking device manufactured by F5 Networks.
