The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
Israel's National Cyber Directorate acts as the CERT responsible for protecting the country from cyber threats and to warn organizations and citizens about known attacks.
Since October, Israel has been heavily targeted by pro-Palestinian and Iranian hacktivists, who have been conducting data theft and data-wiping attacks on organizations in the country.
In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.
Yesterday, INCD warned of a new phishing attack deploying data wipers through emails pretending to be a warning about a zero-day vulnerability in F5 BIG-IP devices.
A pro-Palestinian hacktivist group named Handala told BleepingComputer that they were responsible for the phishing attack, stating it was deployed on numerous Israeli networks.
The phishing email warns that the F5 BIG-IP zero-day vulnerability is actively exploited in attacks, urging Israeli organizations to download and install a security update before their network is breached.
For Windows users, the email pushes an executable named F5UPDATER.exe [VirusTotal], and for Linux, the file is a shell script named update.
The Windows wiper will display a small screen branded with the F5 logo that pretends to be a security update installer.
When the Update button is clicked, the wiper will send a message containing the information above the device to a Telegram channel and attempt to wipe all the data from the computer.
In BleepingComputer's tests, the wiper is a bit buggy, not deleting all of the data on a computer.
The Linux wiper is a shell script that first downloads the programs necessary to wipe the computer, which are xfsprogs, wipe, and parted.
These programs are used first to remove all users on the system and then use the 'wipe' command to delete the associated home directions.
The wiper will then attempt to delete all operating system files and the partitions on the Linux device.
Like the Windows wiper, the Linux version will communicate with a Telegram channel to provide information about the device and status updates.
Data wipers have become a massive problem for Israel, with hacktivists commonly using them in destructive attacks to disrupt Israel's operations and economy.
F5 fixes BIG-IP auth bypass allowing remote code execution attacks.
Israel warns of BiBi wiper attacks targeting Linux and Windows.
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks.
Sophos backports RCE fix after attacks on unsupported firewalls.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 20 Dec 2023 21:55:07 +0000