December 20, 2023 at 04:59PM
The Israel National Cyber Directorate warns of phishing emails that pose as F5 BIG-IP zero-day security updates and deploy data wipers for Windows and Linux. Israeli organizations have been targeted by pro-Palestinian and Iranian hacktivists since October. The new phishing attack delivers the data wipers through fake F5 update emails. The wipers communicate with a Telegram channel and pose a significant threat. Files should only be downloaded from trusted sources.
Key takeaways:
1. The Israel National Cyber Directorate has issued a warning about phishing emails posing as F5 BIG-IP zero-day security updates that actually deploy data wipers on Windows and Linux systems.
2. Pro-Palestinian and Iranian hacktivists have been targeting Israel since October, conducting data theft and data-wiping attacks on organizations in the country.
3. A new data wiper known as BiBi Wiper, believed to have been created by pro-Hamas hacktivists, has been discovered targeting both Linux and Windows devices.
4. The phishing attack involving fake F5 updates deploying data wipers has been attributed to a pro-Palestinian hacktivist group named Handala, with the intention of breaching Israeli networks.
5. The phishing email urges Israeli organizations to download and install the security update before their network is breached, and it pushes an executable named F5UPDATER.exe for Windows and a shell script named update.sh for Linux.
6. The wipers attempt to impersonate F5 security updates and communicate with a Telegram channel to provide information about the device and status updates.
7. Both the Windows and Linux wipers attempt to wipe the data from the computer. The Linux wiper uses specific programs to delete users, home directories, operating system files, and partitions on the device.
8. Data wipers have been identified as a significant problem for Israel. Files should only be downloaded from trusted sources, and security updates should be obtained directly from hardware vendors, not third-party sites.
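A defender-side triage sketch for the behaviour in items 5 and 6, added here as an example and not taken from the advisory or the article: it flags hosts that ran a file with one of the two named file names and escalates when the same host then contacts Telegram. The key=value log format, host names, Telegram domain list, 30-minute window and the "review"/"isolate" labels are assumptions; the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# File names given in item 5; compared case-insensitively on the base name only.
LURE_NAMES = {"f5updater.exe", "update.sh"}
# Assumption: Telegram traffic appears in logs under these destination domains.
TELEGRAM_DOMAINS = ("telegram.org", "t.me")
WINDOW = timedelta(minutes=30)  # assumed correlation window

# Constructed sample events, not real telemetry.
SAMPLE_LOG = r"""
2023-12-20T10:01:02 host=ws-014 event=proc_start image=C:\Users\dana\Downloads\F5UPDATER.exe
2023-12-20T10:01:09 host=ws-014 event=net_conn dest=api.telegram.org
2023-12-20T10:05:00 host=build-02 event=proc_start image=/opt/ci/update.sh
2023-12-20T10:07:30 host=lb-admin event=proc_start image=/tmp/UPDATE.SH
2023-12-20T10:07:41 host=lb-admin event=net_conn dest=api.telegram.org
2023-12-20T11:30:00 host=ws-022 event=net_conn dest=web.telegram.org
"""

def parse(line):
    ts, _, rest = line.partition(" ")
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()  # handles Windows and Linux paths

def is_telegram(dest):
    d = dest.lower().rstrip(".")
    return any(d == t or d.endswith("." + t) for t in TELEGRAM_DOMAINS)

def triage(log_text):
    last_lure = {}  # host -> time of the most recent lure-named execution
    findings = {}   # host -> "review" (name match only) or "isolate" (name + Telegram)
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ev = parse(line)
        host = ev["host"]
        if ev["event"] == "proc_start" and basename(ev["image"]) in LURE_NAMES:
            last_lure[host] = ev["ts"]
            findings.setdefault(host, "review")
        elif ev["event"] == "net_conn" and is_telegram(ev["dest"]):
            seen = last_lure.get(host)
            if seen is not None and ev["ts"] - seen <= WINDOW:
                findings[host] = "isolate"
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Because update.sh is a common script name, a name match alone only yields "review"; the escalation depends on the follow-up Telegram connection from the same host.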