An Iranian hacking group is attacking F5 Networks devices, according to a security warning the FBI sent last week, which revealed that the group is targeting the US private and government sectors.
While the alert did not identify the hackers by name, sources indicate that the group is tracked by the cybersecurity community under code names such as Fox Kitten or Parasite.
A former government cyber security analyst, who now works for a private security firm, described the group as a mainstay of Iran when it comes to cyber attacks.
The primary mission of this group is to provide an initial foothold for other Iranian hacking groups, such as Shamoon, Oilrig or Chafer.
To achieve its goals, Fox Kitten works primarily by attacking sophisticated and expensive network equipment using newly disclosed vulnerabilities, before companies have time to patch the devices.
Given the nature of the devices it attacks, the targets mainly include large private companies and government networks.
Once the hackers access a device, they install a backdoor, turning the equipment into a gateway to the compromised network.
The group began by heavily targeting vulnerabilities in products such as Pulse Secure, Fortinet VPN, Palo Alto Networks, Citrix ADC servers and Citrix network portals.
The notice says the group is still targeting these vulnerabilities, but has updated its arsenal to include an exploit for a vulnerability affecting BIG-IP, a very popular multi-purpose networking device manufactured by F5 Networks.
The FBI does not name the group by its commonly used names, but refers to its past attacks against secure VPNs and Citrix gateways.
Once the hackers get into the networks, it is very likely that they will provide access to other Iranian groups, or exploit networks that are useless for spying by spreading ransomware.
FBI officials also warn that this group is not targeting any specific sector, and any company operating BIG-IP devices is likely to be targeted.
The FBI asked US companies to patch their internal BIG-IP devices to prevent successful breaches.
FBI officials also shared details of the typical Fox Kitten attack, so companies could implement countermeasures.
While the FBI alert did not mention this, sources indicated that Fox Kitten attacks against BIG-IPs were successful.
Iranian state-sponsored hacking groups are reportedly not the only actors who have targeted the BIG-IP vulnerability, as multiple hacker groups began to exploit this bug within two days of the details becoming public.