Targeted F5 Vulnerability ‘Update’ Delivers Wiper to Israeli Victims

December 20, 2023 at 10:10AM

The Israel National Cyber Directorate issued an urgent warning about a targeted email campaign impersonating F5 Networks and delivering dangerous wiper malware. The attacker capitalized on a critical F5 BIG-IP vulnerability, sending emails from “cert @ f5.support” with an attached file named “update.zip.” The malware can delete F5 servers but cannot spread laterally. Detection and identification of attacks are challenging. Target specifics and total detections remain unclear.

Israel’s National Cyber Directorate (NCD) has issued an “urgent warning” about a targeted email campaign impersonating F5 Networks. The campaign delivers a dangerous wiper malware and lures recipients with a critical authentication bypass vulnerability in F5’s BIG-IP. The attacker sends emails from “cert @ f5.support” with a generic file named “update.zip” purporting to be an update for the vulnerability. The download contains a wiper that deletes F5 servers. The malware cannot move laterally from server to server, and the file identifier and download URL are unique to each victim, making it difficult to identify other attacks. The agency has not specified the number of detections or specific targets.
