Iranian hacking group known as Fox Kitten (or Parisite) attacking F5 networking devices

August 10, 2020

A group of Iranian hackers have been attacking the the US private and government sector, according to a security alert sent by the FBI last week.

ZDNet reports that the Private Industry Notification didn't identify the hackers by name, sources have told ZDNet that the group is tracked by the larger cybersecurity community under codenames such as Fox Kitten or Parisite.

The group, says ZDNet, "operates by attacking high-end and expensive network equipment using exploits for recently disclosed vulnerabilities, before companies had enough time to patch devices. Due to the nature of the devices they attack, targets primarily include large private corporations and government networks. Once the hackers gain access to a device, they install a web shell or backdoor, transforming the equipment into a gateway into the hacked network."

According to ZDNet, the FBI notification says the group still targets vulnerabilities such as:

Pulse Secure "Connect" enterprise VPNs (CVE-2019-11510)
Fortinet VPN servers running FortiOS (CVE-2018-13379)
Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579)
Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)

The FBI notes, however, that Fox Kitten upgraded its attack arsenal to include an exploit for CVE-2020-5902, a vulnerability disclosed in early July that impacts BIG-IP, a very popular multi-purpose networking device manufactured by F5 Networks, says ZDNet. "The FBI warns companies that once the hackers gain access to their networks, they are very likely to provide access to other Iranian groups, or monetize networks that aren't useful for espionage by deploying ransomware. While the FBI asked US companies to patch their on-premise BIG-IP devices to prevent successful intrusions, FBI officials also shared details about a typical Fox Kitten attack, so companies can deploy countermeasures and detection rules," notes ZDNet.

For more information, please visit https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Iranian hacking group known as Fox Kitten (or Parisite) attacking F5 networking devices

Related Articles

Related Events

Report Abusive Comment