A group of Iranian hackers have been attacking the the US private and government sector, according to a security alert sent by the FBI last week.
ZDNet reports that the Private Industry Notification didn't identify the hackers by name, sources have told ZDNet that the group is tracked by the larger cybersecurity community under codenames such as Fox Kitten or Parisite.
The group, says ZDNet, "operates by attacking high-end and expensive network equipment using exploits for recently disclosed vulnerabilities, before companies had enough time to patch devices. Due to the nature of the devices they attack, targets primarily include large private corporations and government networks. Once the hackers gain access to a device, they install a web shell or backdoor, transforming the equipment into a gateway into the hacked network."
According to ZDNet, the FBI notification says the group still targets vulnerabilities such as:
- Pulse Secure "Connect" enterprise VPNs (CVE-2019-11510)
- Fortinet VPN servers running FortiOS (CVE-2018-13379)
- Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579)
- Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)
The FBI notes, however, that Fox Kitten upgraded its attack arsenal to include an exploit for CVE-2020-5902, a vulnerability disclosed in early July that impacts BIG-IP, a very popular multi-purpose networking device manufactured by F5 Networks, says ZDNet. "The FBI warns companies that once the hackers gain access to their networks, they are very likely to provide access to other Iranian groups, or monetize networks that aren't useful for espionage by deploying ransomware. While the FBI asked US companies to patch their on-premise BIG-IP devices to prevent successful intrusions, FBI officials also shared details about a typical Fox Kitten attack, so companies can deploy countermeasures and detection rules," notes ZDNet.
For more information, please visit https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/