- CISA warns FCEB agencies to patch F5 products after nation-state breach
- Attackers stole BIG-IP source code and vulnerability data and risk zero-day detection and exploitation
- F5 released updates; no confirmed exploit yet, but federal networks face an imminent threat
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging Federal Civilian Executive Branch (FCEB) agencies to catalog and patch F5 products in their tech stack after hackers broke into the company and stole source code along with other sensitive information.
In the ED 26-01 emergency directive, CISA said a “nation-state-linked cyber threat actor” exfiltrated F5 files, including part of its BIG-IP source code and vulnerability information. With this intelligence, the attackers can analyze F5’s products, potentially discover zero-day vulnerabilities and develop exploits and malware.
This development is an “imminent threat to federal networks” using F5’s products, CISA further stressed, as it can result in compromise of API keys, data exfiltration and even full compromise of targeted systems.
Patches released
That said, FCEB agencies must immediately catalog and patch/harden all BIG-IP iSeries, rSeries and other F5 devices that have reached end-of-support. Additionally, they must do the same for all devices running BIG-IP (F5OS), BIG-UP (TMOS), Virtual Edition (VE), BIG-IP Next, BIG-IQ, and BIG-IP Next for Kubernetes (BNK)/Cloud-Native Network Functions (CNF).
“The requirements of this directive address immediate risks and agencies in the best position to respond to anticipated targeting of these entities by the threat actor,” CISA warned.
We don’t know who the threat actors are, but F5 confirmed the breach in a new filing with the SEC, CyberInsider reports. The global technology company said files from the development environment were taken, including parts of the BIG-IP source code, as well as internal vulnerability data related to yet-to-be-patched issues.
F5 emphasized that critical or remotely exploitable vulnerabilities were not among the stolen files, and so far there has been no evidence of exploitation in the wild.
To mitigate the threat, the company released updates to BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ and APM clients.
Via Nextgov
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
