7 months ago
2
U.S. authorities officials said connected Wednesday that national networks are being targeted by an unidentified "nation-state cyber menace actor" that's trying to exploit vulnerabilities successful products made by the cybersecurity institution F5.
In a connection and an accompanying exigency directive, the Cybersecurity and Infrastructure Security Agency said hackers had compromised F5's systems and extracted files, including a information of its root codification and accusation astir vulnerabilities, and could usage the cognition arsenic a roadmap to interruption into F5 devices and software, thing that could yet pb to a afloat compromise of the targeted networks.
"The cyber menace histrion presents an imminent menace to national networks" utilizing F5 products, CISA said.
CISA's Executive Assistant Director for Cybersecurity Nick Andersen told reporters that authorities officials were being ordered to place F5's devices connected their web and use urgent updates. Andersen encouraged others to bash the same, noting that "the hazard of this vulnerability extends to each organisation and assemblage that's utilizing this product."
Andersen refused to accidental who the hackers were and said determination had truthful acold been nary grounds of immoderate compromise astatine a U.S. civilian agency.
Earlier, F5 said it had detected unauthorised entree to definite institution systems by a menace actor, but the breach had nary interaction connected its operations.
The institution discovered the intrusion connected August 9 and took "extensive actions" to incorporate the threat, engaging outer experts, including CrowdStrike, Mandiant, NCC Group and IOActive, to assistance with the investigation, it said successful a filing with the U.S. Securities and Exchange Commission. The institution said it recovered nary signs that its bundle improvement process had been tampered with. F5, which has clients crossed the backstage and nationalist sector, said accusation from a fewer customers was progressive successful the breach, and it was reaching retired to those affected directly.
The institution continues to fortify its information controls and infrastructure pursuing the incident, it said, adding that the U.S. Department of Justice had approved a hold successful publically disclosing the breach until September 12, citing nationalist information considerations.
British authorities besides issued an alert urging F5 users to update their software.
