Iranian Hackers Target Critical Vulnerability in F5’s BIG-IP

02 Sep 2020 OODA Analyst

An Iranian state-sponsored hacking group has been observed by security researchers targeting a critical vulnerability in F5 Networks’ BIG-IP application delivery controller. The bug, which was addressed in early July, has a CVSS score of 10, meaning that it is of high severity. The flaw, CVE-2020-5902, allows remote attackers to take over a targeted system.

F5 Networks patched the bug and released advisories for it; however, the first attacks targeting the vulnerability were observed several days after these releases. Positive Technologies discovered and reported the bug, identifying over 8,000 vulnerable devices. Attackers soon discovered how to bypass the patches and mitigations in place for the vulnerability, and CISA subsequently warned of threat actors exploiting the bug to target US government and commercial entities.

