Inside the Velvet Ant’s Web: F5 BIG-IP Vulnerabilities Exposed

Cybersecurity threats have evolved beyond traditional attack vectors. One such sophisticated campaign involves the exploitation of F5 BIG-IP appliances by a group known as ‘Velvet Ant.’ In this blog post, we delve into the details of this stealthy data theft operation, shedding light on the techniques employed and the implications for organizations worldwide.

According to a Sygnia report, which discovered the breach after being called in to investigate the cyberattack, Velvet Ant established multiple footholds across the network, including a legacy F5 BIG-IP appliance that served as an internal command and control (C2) server.

The ‘Velvet Ant’ Group

The ‘Velvet Ant’ group, suspected to have ties to Chinese state-sponsored actors, has been active since at least 2017. Their primary focus is on cyber espionage, targeting government entities, defense contractors, and critical infrastructure organizations. Their modus operandi involves gaining persistent access to internal networks, exfiltrating sensitive data, and maintaining long-term presence without detection.

F5 BIG-IP Appliances: A Prime Target

F5 BIG-IP appliances are widely used for load balancing, application delivery, and security functions. Unfortunately, their ubiquity also makes them an attractive tar

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.