The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released a critical alert regarding a cyber security incident that has affected certain F5 systems, with recommendations on what customers can do to help protect themselves.
F5 advised that in August, it learned a "highly sophisticated" nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems.
These systems included the company's BIG-IP product development environment and engineering knowledge management platforms.
The files downloaded contained some BIG-IP source code and information about undisclosed vulnerabilities the company was working on in BIG-IP.
The company has subsequently released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.
"We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities," F5 said.
"There's no evidence of access to, or exfiltration of, data from our CRM, financial, support case management, or iHealth systems. However, some of the exfiltrated files from our knowledge management platform contained configuration or implementation information for a small percentage of customers.
"We have no evidence of modification to our software supply chain, including our source code and our build and release pipelines. We have no evidence that the threat actor accessed or modified the NGINX source code or product development environment, nor do we have evidence they accessed or modified our F5 Distributed Cloud Services or Silverline systems."
Since beginning activities to contain the threat actor, F5 said it has not seen any new unauthorised activity and believes its containment efforts to have been successful.
The ASD's mitigation advice covers organisations operating F5 BIG-IP, BIG-IP Next, F5OS-A/C, or Silverline devices running versions listed in the advisory. Affected builds include major releases 15.x through 17.x, as well as Next SPK, CNF, and Kubernetes versions.
ASD’s ACSC recommends that affected organisations review F5 articles for recommended actions, along with affected versions and patch levels. It also advises affected organisations to apply the recommended fixed versions or engineering hotfixes and, for appliances at end of technical support, to upgrade to supported devices.