top of page
  • Clipeus

F5 Impersonation Used In A Campaign Against Israel



According to a report of Israel's National Cyber Center, Israeli companies have been recently targeted in a phishing scheme leveraging the fraudulent email address cert[@]f5[.]support. The email address impersonates a purported CERT for the American company F5.


The emails deliver a fraudulent alert urging the recipients to download an update that remediates the recent F5 BIG-IP vulnerabilities.


The attack targets both Linux - with a link enabling a wget command that retrieves a Bash script (update.sh) - and Windows - enabling download of a malicious executable - F5UPDATER.exe - serving as a stager.


The attack chain culminates with deployment of a wiper and leakage of the data of the impacted servers on an attacker-controlled Telegram channel.


According to an analysis released by Intezer, command-and-control has been geolocated in Chelyabinsk, Russia.




Kommentare


Die Kommentarfunktion wurde abgeschaltet.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page