Palo Alto Networks Unit 42 Commentary on F5 Incident

F5's prompt disclosure and mitigation guidance are crucial first steps. The top priority for any organization using F5 BIG-IP is to implement mitigation and hardening guidance without delay and begin threat hunting activities immediately. 

SMEStreet Edit Desk

“Unit 42 is tracking F5’s disclosure of long-term persistent access by nation-state actors. The theft of BIG-IP source code and previously undisclosed vulnerabilities by a nation-state actor is significant as it potentially facilitates rapid exploitation of vulnerabilities.

“Generally, if an attacker steals source code it takes time to find exploitable issues. In this case, they also stole information on undisclosed vulnerabilities that F5 was actively working to patch. This provides the ability for threat actors to exploit vulnerabilities that have no public patch, potentially increasing speed to exploit creation. The disclosure of 45 vulnerabilities in this quarter vs. just 6 last quarter suggests F5 is moving as fast as they can to actively patch these stolen flaws before the threat actors can exploit them.

“F5's prompt disclosure and mitigation guidance are crucial first steps. The top priority for any organization using F5 BIG-IP is to implement mitigation and hardening guidance without delay and begin threat hunting activities immediately. 

“This underscores the need for a defense-in-depth strategy in the face of unknown, emerging and previously-identified vulnerabilities.”
