Israel’s National Cyber Directorate (NCD) has issued an “urgent warning” about a targeted email campaign impersonating F5 Networks that delivers harmful wiper malware.
The lure for the attack is a critical authentication bypass vulnerability in F5’s BIG-IP, disclosed in late October. At the time, F5 said one way to resolve the vulnerability was to download and run a specific shell script file on the BIG-IP system.
In the message, the attacker capitalized on this, informing the recipient that an attached file is the update for the vulnerability. The emails are sent from “cert @ f5.assist,” and the file is generically named “replace.zip.” The download actually contains a wiper that deletes any F5 servers that admins run it on, according to the agency’s alert. The good news is that the malware is unable to move laterally from server to server, so the extent of any given attack depends on the admin running the file on multiple instances.
According to the analysis, the file identifier for each attack is unique to each victim, as is the URL to download the payload. The NCD said this will make identifying other attacks harder.
It was not clear how many detections there have been so far, or who has been specifically targeted.