Thousands of networks, many of them operated by the US government and Fortune 500 companies, face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major maker of software, the federal government warned on Wednesday.
F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years.
Unprecedented
During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG-IP, a line of server appliances that F5 says is used by 48 of the world’s top 50 corporations. Wednesday’s disclosure went on to say the threat group downloaded proprietary BIG-IP source code and information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used inside their networks.
Control of the build system and access to the source code, customer configurations, and documentation of unpatched vulnerabilities has the potential to give the hackers unprecedented knowledge of weaknesses and the ability to exploit them in supply-chain attacks on thousands of networks, many of which are sensitive. The theft of customer configurations and other data further raises the risk that sensitive credentials can be abused, F5 and outside security experts said.
Customers position BIG-IP at the very edge of their networks for use as load balancers and firewalls, and for inspection and encryption of data passing into and out of networks. Given BIG-IP's network position and its role in managing traffic for web servers, previous compromises have allowed adversaries to expand their access to other parts of an infected network.
F5 said that investigations by two outside intrusion-response firms have yet to find any evidence of supply-chain attacks. The company attached letters from firms IOActive and NCC Group attesting that analyses of source code and build pipeline uncovered no signs that a “threat actor modified or introduced any vulnerabilities into the in-scope items.” The firms also said they didn’t identify any evidence of critical vulnerabilities in the system. Investigators, which also included Mandiant and CrowdStrike, found no evidence that data from its CRM, financial, support case management, or health systems was accessed.
The company released updates for its BIG-IP, F5OS, BIG-IQ, and APM products. CVE designations and other details are here. Two days ago, F5 rotated BIG-IP signing certificates, though there was no immediate confirmation that the move is in response to the breach.