- CISA warns FCEB agencies to patch F5 products after a nation-state breach
- Attackers stole BIG-IP source code and vulnerability data, risking zero-day discovery and exploitation
- F5 released updates; no confirmed exploitation yet, but federal networks face imminent threat
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their tech stack, after hackers broke into the company and stole source code along with other sensitive information.
In the ED 26-01 emergency directive, CISA said that a “nation-state affiliated cyber threat actor” exfiltrated F5 files, including a portion of its BIG-IP source code, and vulnerability information. With this intelligence, the attackers can analyze F5’s products, potentially discover zero-day vulnerabilities, and develop exploits and malware.
This development is an “imminent threat to federal networks” using F5’s products, CISA further stressed, since it could result in the compromise of API keys, data exfiltration, and even full compromise of targeted systems.
Patches released
That being said, FCEB agencies must immediately catalog, and patch/harden any BIG-IP iSeries, rSeries, and other F5 devices that have reached end-of-support. Furthermore, they must do the same for all devices running BIG-IP (F5OS), BIG–UP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud-Native Network Functions (CNF).
“The requirements in this Directive address immediate risk and best position agencies to respond to anticipated targeting of these devices by the threat actor,” CISA warned.
We don’t know who the threat actors are, but F5 did confirm the breach in a new filing with the SEC, CyberInsider reports. The global tech company said files from the development environment were taken, including parts of BIG-IP source code, as well as internal vulnerability data related to yet unpatched issues.
F5 stressed that critical or remotely exploitable vulnerabilities were not among the stolen files, and so far there’s been no evidence of exploitation in the wild.
To mitigate the threat, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.
Via Nextgov
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
