Hackers are exploiting new F5 bug in the wild

That didn’t take long.

Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions.

“Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure,” researchers from security firm NCC Group wrote in a blog post Thursday. The situation escalated over the weekend, with proof-of-concept exploits posted to Twitter that make it easier to take advantage of the bug.

Government agencies and big corporations alike use the F5 software, known as BIG-IP, to manage data on their networks. The vulnerability documented by NCC Group could allow an attacker to execute code remotely on a system and delete data. It is one of a slew of BIG-IP flaws that F5 revealed on March 10. Security fixes are available.


“The attackers are hitting multiple honeypots in different regions, suggesting that there is no specific targeting,” Rich Warren, principal security consultant at NCC Group, wrote in an email. “It is more likely that they are ‘spraying’ attempts across the internet, in the hope that they can exploit the vulnerability before organizations have a chance to patch it.”

It was unclear whether the exploitation NCC Group observed went beyond the simulated “honeypot” networks erected by the firm to include intrusion attempts at other organizations. Nor was it clear who was exploiting the flaw. But the F5 vulnerabilities amount to another crucial security issue for organizations already dealing with the widespread exploitation of bugs in Microsoft Exchange Server.

Bad Packets, a Chicago-based threat intelligence provider, reported mass online scanning for the F5 vulnerability being exploited, as Bleeping Computer and Threatpost noted.

“We are aware of attacks targeting recent vulnerabilities published by F5,” Rob Gruening, a spokesman for F5, said in an email Monday. “As with all critical vulnerabilities, we advise customers update their systems as soon as possible.”

This is not the first time that F5’s BIG-IP software has been at the center of high-profile hacking attempts. The Department of Homeland Security’s cybersecurity agency said last July that it had responded to two hacking incidents at U.S. government and private-sector organizations that exploited a flaw in the software.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.