
"The attackers used a remarkable tactic: lying low for months to allow forensic logs to expire. Waiting to let forensic data expire demonstrates the group's professionalism. The hack at F5 began in late 2023, when attackers exploited a vulnerability in BIG-IP software. According to sources familiar with the incident, F5 staff failed to follow the cybersecurity guidelines that the company provides to customers."
"After gaining access to F5's VMware environment, the hackers opted for a remarkable strategy. They went virtually silent for over a year. This tactic allows attackers to let the forensic data that organizations use to reconstruct cyberattacks expire. Cybersecurity logs provide forensic data on how hackers infiltrate organizations. However, many companies only keep these expensive logs for about a year. By waiting, attackers can effectively cover their tracks."
Chinese state hackers exploited a vulnerability in F5's BIG-IP software at the end of 2023 and gained access to critical systems. The attackers installed Brickstorm malware to maintain long-term, stealthy access to technology providers. They then remained virtually silent for over a year, relying on the typical one-year log retention period so that the forensic records of their initial entry would age out before anyone went looking for them. During the intrusion, the attackers accessed sensitive information belonging to a small percentage of customers. F5 discovered the breach in August and engaged CrowdStrike and Google's Mandiant. Its CEO informed customers; law enforcement and government agencies are assisting the investigation; no evidence of altered source code was found; and F5 released security updates for 44 vulnerabilities.
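The practical lesson of the dormancy tactic is that retention must be measured against realistic dwell time, per log source, not set once for the whole estate. The following is an added example (not code from the article, F5, or any of the firms named above) that scores a constructed intrusion timeline against a constructed per-source retention policy and reports which phases of the attack no surviving log can reconstruct. The source names, retention periods, and event dates are assumptions for illustration; only the rough shape (initial access in late 2023, discovery in August about twenty months later) follows the summary.

```python
from datetime import date, timedelta

# Constructed retention policy, in days, per log source. These are assumed
# values for the example, not F5's actual configuration.
RETENTION_DAYS = {
    "bigip_syslog_to_siem": 365,   # appliance syslog forwarded to a hot SIEM tier
    "vcenter_events": 180,         # VMware management-plane event history
    "edr_telemetry": 90,           # endpoint agent telemetry in the vendor console
    "netflow_archive": 730,        # flow records archived to cold storage
}

# Constructed intrusion timeline: (event, date, sources that would have recorded it).
# Dates follow the article only loosely: entry in late 2023, discovery in August
# about twenty months later.
TIMELINE = [
    ("initial_exploit_bigip", date(2023, 11, 15), ["bigip_syslog_to_siem"]),
    ("pivot_to_vmware_mgmt", date(2023, 11, 20), ["vcenter_events", "netflow_archive"]),
    ("implant_beacon_resumes", date(2025, 6, 1), ["edr_telemetry", "netflow_archive"]),
    ("data_staging", date(2025, 7, 20), ["edr_telemetry", "bigip_syslog_to_siem"]),
]

DISCOVERY = date(2025, 8, 1)  # assumed discovery date for the example


def retention_cutoff(discovery, source, policy=RETENTION_DAYS):
    """Earliest date for which `source` still holds records on `discovery` day."""
    return discovery - timedelta(days=policy[source])


def evidence_status(timeline, discovery, policy=RETENTION_DAYS):
    """Map each event to the sources whose logs still cover it.

    A source covers an event when the event date is on or after that source's
    retention cutoff as of the discovery date.
    """
    status = {}
    for name, when, sources in timeline:
        status[name] = [
            s for s in sources if when >= retention_cutoff(discovery, s, policy)
        ]
    return status


def evidence_gaps(timeline, discovery, policy=RETENTION_DAYS):
    """Events that no configured source can still reconstruct."""
    return [
        name for name, surviving in evidence_status(timeline, discovery, policy).items()
        if not surviving
    ]


def min_retention_needed(timeline, discovery):
    """Retention, in days, that would have preserved every event in the timeline."""
    earliest = min(when for _, when, _ in timeline)
    return (discovery - earliest).days


if __name__ == "__main__":
    for event, surviving in evidence_status(TIMELINE, DISCOVERY).items():
        print(f"{event:24s} covered by: {surviving or 'NOTHING'}")
    print("unreconstructable phases:", evidence_gaps(TIMELINE, DISCOVERY))
    print("retention needed (days):", min_retention_needed(TIMELINE, DISCOVERY))
```

In this constructed scenario the initial BIG-IP exploitation is the phase that disappears: it was recorded only in a source with one-year retention, and the attackers resurfaced well after that window closed. The later phases survive because they are recent enough for short-retention sources or because a long cold-storage archive still holds them, which is the argument for shipping appliance and identity logs to cheap archival storage even when the searchable SIEM tier is kept short.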
Read at www.techzine.eu