Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims

Files purporting to be an F5 vulnerability patch are deleting server contents.

Dark Reading Staff, Dark Reading

December 20, 2023

1 Min Read
Colored pencils and a notebook with a list of items related to wipers
Source: Ragma Images via Alamy Stock Photo

Israel's National Cyber Directorate (NCD) has issued an "urgent warning" about a targeted email campaign impersonating F5 Networks that delivers a dangerous wiper malware.

The lure for the attack is a critical authentication bypass vulnerability in F5's BIG-IP, disclosed in late October. At the time, F5 said one way to resolve the vulnerability was to download and run a special shell script file on the BIG-IP system.

In the message, the attacker capitalized on this, informing the recipient that an attached file is the update for the vulnerability. The emails are sent from "cert @," and the file is generically named "" The download actually contains a wiper that deletes any F5 servers that admins run it on, according to the agency's alert. The good news is that the malware is unable to move laterally from server to server, so the extent of any given attack is dependent on the admin running the file on multiple instances.

According to the analysis, the file identifier for each attack is unique to each victim, as is the URL to download the payload. The NCD said this will make identifying other attacks more difficult.

It was not clear how many detections there have been so far, or who has been specifically targeted.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights