- CISA Warns FCEB Agencies to Fix F5 Products After Nation-State Breach
- Attackers stole BIG-IP source code and vulnerability data, risking zero-day discovery and exploitation.
- F5 released updates; no exploitation confirmed yet, but federal networks face imminent threat.
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their technology stack, after hackers broke into the company and stole source code and other sensitive information.
In Emergency Directive ED 26-01, CISA stated that a “nation-state-affiliated cyber threat actor” had exfiltrated the F5 files, including part of its BIG-IP source code, and vulnerability information. With this intelligence, attackers can analyze F5 products, potentially discover zero-day vulnerabilities, and develop exploits and malware.
This development poses an “imminent threat to federal networks” using F5 products, CISA further noted, as it could result in the compromise of API keys, data exfiltration, and even complete compromise of targeted systems.
Fixes released
Under the directive, FCEB agencies should immediately catalog and patch/harden all BIG-IP iSeries, rSeries, and other F5 devices that have reached end of support. Additionally, they must do the same for all devices running BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud-Native Network Functions (CNF).
“The requirements of this directive address the immediate risk and place agencies in the best position to respond to the threat actor’s anticipated targeting of these devices,” CISA warned.
The identity of the perpetrators is not known, but F5 confirmed the breach in a new SEC filing, CyberInsider reports. The global technology company said files from the development environment were recovered, including portions of BIG-IP’s source code, as well as internal vulnerability data related to not-yet-patched issues.
F5 stressed that critical or remotely exploitable vulnerabilities were not among the stolen files and that so far there has been no evidence of exploitation in the wild.
To mitigate the threat, the company has released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM customers.
Via Nextgov