Iranian hacking group known as Fox Kitten (or Parisite) attacking F5 networking devices

August 10, 2020

A group of Iranian hackers have been attacking the the US private and government sector, according to a security alert sent by the FBI last week.

ZDNet reports that the Private Industry Notification didn't identify the hackers by name, sources have told ZDNet that the group is tracked by the larger cybersecurity community under codenames such as Fox Kitten or Parisite.

The group, says ZDNet, "operates by attacking high-end and expensive network equipment using exploits for recently disclosed vulnerabilities, before companies had enough time to patch devices. Due to the nature of the devices they attack, targets primarily include large private corporations and government networks. Once the hackers gain access to a device, they install a web shell or backdoor, transforming the equipment into a gateway into the hacked network."

According to ZDNet, the FBI notification says the group still targets vulnerabilities such as:

Pulse Secure "Connect" enterprise VPNs (CVE-2019-11510)
Fortinet VPN servers running FortiOS (CVE-2018-13379)
Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579)
Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)

The FBI notes, however, that Fox Kitten upgraded its attack arsenal to include an exploit for CVE-2020-5902, a vulnerability disclosed in early July that impacts BIG-IP, a very popular multi-purpose networking device manufactured by F5 Networks, says ZDNet. "The FBI warns companies that once the hackers gain access to their networks, they are very likely to provide access to other Iranian groups, or monetize networks that aren't useful for espionage by deploying ransomware. While the FBI asked US companies to patch their on-premise BIG-IP devices to prevent successful intrusions, FBI officials also shared details about a typical Fox Kitten attack, so companies can deploy countermeasures and detection rules," notes ZDNet.

For more information, please visit https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

Iranian hacking group known as Fox Kitten (or Parisite) attacking F5 networking devices

Related Articles

Related Events

Report Abusive Comment