PC Gamer
Jacob Fox

Big networking software hack seemingly backed by China poses a 'significant cyber threat targeting federal networks'

I suppose it's no real surprise that state-to-state cyber warfare is ongoing—probably every minute of every day—but for us regular folk it can be disconcerting to be reminded of it, and of the very serious possible consequences. Case in point: this breach of a cybersecurity provider that provides networking software to tons of big companies and even some of the US government.

The security incident was filed to the Securities and Exchange Commission (SEC) by the company, F5, Inc., on October 15, and discloses the nature and severity of the issue. F5 says that, in August, it "learned that a highly sophisticated nation-state threat actor had gained unauthorized access to certain Company systems."

According to Bloomberg's anonymous sources who are "familiar with the matter", this "nation-state threat actor" means hackers backed by China. Also according to Bloomberg's sources, F5 told customers these hackers were sitting pretty in its network for at least 12 months.

F5 provides networking software for load balancing (distributing network traffic properly to prevent overload), firewalls, traffic encryption, credential checks, and so on, to lots of big companies and government bodies. The company says the hackers downloaded files from F5 systems including "our BIG-IP product development environment and engineering knowledge management platforms."

While the extent of the data downloaded seems somewhat limited—"configuration or implementation information for a small percentage of customers"—it's always difficult to know just how much bad actors will be able to achieve from seemingly limited infiltrations. Often big exploits come off the back of a small entry point.

F5 assures everyone, though, that "we have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities." It will also be "reviewing [the exfiltrated] files and will be communicating with affected customers directly as appropriate."

Despite these assurances, and assurances that F5 is taking and has taken steps to increase security, the United States' Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement highlighting the problem's severity. The agency says it poses a "significant cyber threat targeting federal networks."

CISA claims that the resulting cyber threat could lead to exploitation of organisations using F5 software, which could "allow the threat actor to move laterally within an organization’s network, exfiltrate sensitive data, and establish persistent system access, potentially leading to a full compromise of targeted information systems." The agency has provided guidance for organisations that use F5 software.

It's not the first state-sponsored cyberattack to have some legs to it—for instance, just a couple of months ago I reported on attacks on Microsoft SharePoint server customers that prompted FBI involvement. This is just another reminder, among the many, that all is not peaceful in cyberspace. And I suppose the fact that the US government is still shut down raises hairs a little more than otherwise. Fingers crossed the extent of the damage is, indeed, limited.
