
Chinese hackers breach F5 Load Balancers for 2 years straight


TLDR:

  • Chinese threat actors have been hacking F5 load balancers for the last two years, compromising organizations.
  • They used sophisticated tactics like DLL side-loading and remote command execution to maintain access to networks.

Hackers have been targeting F5 Load Balancers, a crucial part of many enterprise networks, for the past two years. Security researchers at Sygnia uncovered the activities of a Chinese threat group tracked as Velvet Ant, which infiltrated organizations’ systems by exploiting vulnerabilities in outdated servers and network appliances. The threat actors demonstrated a high level of operational security awareness and persistence, using techniques such as DLL side-loading and using a legacy F5 load balancer running an outdated OS as a covert Command-and-Control channel.

Despite remediation efforts, the threat actors remained in compromised networks for an extended period, showcasing their ability to evade detection and maintain persistence. Security analysts recommend defense strategies such as limiting outbound internet traffic, enhancing security hardening of legacy servers, and mitigating credential harvesting to protect against similar attacks in the future.
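One of the recommended defenses above, limiting outbound internet traffic from legacy appliances, can also be turned into a detection: a network appliance that should only ever talk to internal hosts suddenly opening connections to the internet is exactly the pattern a covert C2 channel through that appliance would produce. The script below is an added example, not code from the original article, from Sygnia, or from F5. It assumes a constructed firewall log in a simple "timestamp src dst dport bytes" format, a hypothetical appliance address (10.0.5.20) and a hypothetical egress allow-list (internal 10.0.0.0/8 only), and flags any flow from the appliance that leaves that allow-list.

```python
"""Egress allow-list check for a legacy network appliance.

Added example, not code from the original article or from Sygnia/F5.
Assumes firewall logs in a constructed "timestamp src dst dport bytes"
text format and an allow-list of destinations the appliance legitimately needs.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample log: the appliance (hypothetical address 10.0.5.20)
# normally talks only to internal hosts; a few flows here leave the network.
SAMPLE_LOG = """\
2024-06-17T10:00:01Z 10.0.5.20 10.0.9.5 123 76
2024-06-17T10:00:05Z 10.0.5.20 10.0.9.6 443 4120
2024-06-17T10:02:17Z 10.0.5.20 203.0.113.44 443 982
2024-06-17T10:02:48Z 10.0.5.20 203.0.113.44 443 1204
2024-06-17T10:03:10Z 10.0.5.20 198.51.100.7 8443 16
2024-06-17T10:05:00Z 10.0.7.31 203.0.113.44 443 5000
"""

# Hypothetical monitored appliance(s) and the destinations they may reach.
APPLIANCE_ADDRS = {"10.0.5.20"}
ALLOWED_EGRESS = [ip_network("10.0.0.0/8")]  # internal only; no direct internet


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_log(text):
    """Parse the constructed log format into Flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        flows.append(Flow(ts, src, dst, int(dport), int(nbytes)))
    return flows


def is_allowed(dst):
    """True if the destination falls inside any allow-listed network."""
    addr = ip_address(dst)
    return any(addr in net for net in ALLOWED_EGRESS)


def find_unexpected_egress(flows):
    """Return flows from monitored appliances to destinations outside the allow-list."""
    return [f for f in flows if f.src in APPLIANCE_ADDRS and not is_allowed(f.dst)]


def summarize_by_destination(flows):
    """Group flagged flows by destination as (connection count, total bytes) for triage."""
    summary = {}
    for f in flows:
        count, total = summary.get(f.dst, (0, 0))
        summary[f.dst] = (count + 1, total + f.nbytes)
    return summary


if __name__ == "__main__":
    suspicious = find_unexpected_egress(parse_log(SAMPLE_LOG))
    for dst, (count, total) in summarize_by_destination(suspicious).items():
        print(f"{dst}: {count} flows, {total} bytes")
```

Only flows whose source is a monitored appliance are judged, so the workstation at 10.0.7.31 reaching the same external host is left for other controls; the point is that an appliance with no business on the internet should produce zero hits, and any hit is worth triage. The same allow-list is what an egress firewall rule for that appliance would enforce, so detection and prevention share one definition of "expected".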

