- CISA warns FCEB agencies to patch F5 products after nation-state breach
- The attackers stole BIG-IP source code and vulnerability data, raising the risk of zero-day discovery and exploitation
- F5 released updates; no confirmed exploitation yet, but federal networks face imminent threat
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their technology stack, after hackers broke into the company and stole source code along with other sensitive information.
In emergency directive ED 26-01, CISA said that a “nation-state-affiliated cyber threat actor” exfiltrated F5 files, including a portion of its BIG-IP source code and vulnerability information. With this intelligence, attackers can analyze F5 products, potentially discover zero-day vulnerabilities, and develop exploits and malware.
This development is an “imminent threat to federal networks” using F5 products, CISA further emphasized, as it could result in the compromise of API keys, data breaches, and even outright compromise of specific systems.
Patches released
Accordingly, FCEB agencies should immediately catalog and patch or harden any BIG-IP iSeries, rSeries, and other F5 devices that have reached end of support. Additionally, they must do the same for all devices running BIG-IP (F5OS), BIG-IP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud Native Network Functions (CNF).
“The requirements of this Directive address the immediate risk and better position agencies to respond to anticipated attacks on these devices by the threat actor,” CISA warned.
We don’t know who the threat actors are, but F5 confirmed the breach in a new SEC filing, according to CyberInsider. The global technology company said files were taken from the development environment, including parts of BIG-IP’s source code, as well as internal vulnerability data related to still-unpatched issues.
F5 emphasized that no critical or remotely exploitable vulnerabilities were found among the stolen files, and so far there has been no evidence of exploitation in the wild.
To mitigate the threat, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes clients, BIG-IQ, and APM.
Via Nextgov