<p>Some experts and lawmakers warn U.S. cyberdefenses are becoming more vulnerable by the day, as nation-state threats escalate. That one-two punch could have serious implications for national security and both public- and private-sector cyber-risk.</p>
<p>This week’s featured articles cover a major nation-state attack that experts are comparing to the <a href=”https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know”>SolarWinds breach</a>, a China-based threat group’s concerning use of a legitimate security tool for malicious purposes and further workforce reductions at CISA.</p>
<section class=”section main-article-chapter” data-menu-title=”Nation-state hackers target F5, sending federal government scrambling”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Nation-state hackers target F5, sending federal government scrambling</h2>
<p>An unnamed nation-state threat actor breached F5’s systems, the vendor said this week, gaining long-term, persistent access to the company’s engineering platforms and stealing sensitive data. The attackers obtained BIG-IP source code, information about undisclosed vulnerabilities and customer configuration details that could enable future attacks.</p>
<p>F5 said it discovered the breach in August but didn’t disclose when it began. In response, CISA issued an emergency directive requiring federal agencies to immediately secure their F5 devices, patch most affected products by Oct. 22 and disconnect end-of-life systems.</p>
<p>The incident evokes the SolarWinds attack and raises concerns about supply chain security, though F5 said it has found no evidence of software tampering. Thousands of F5 products are deployed across federal agencies.</p>
<p>In the private sector, nearly every organization in the Fortune 50 reportedly uses F5 technology. Researchers at Palo Alto Networks said that as of Oct. 15 — the day after F5 announced the attack — they had identified more than <a target=”_blank” href=”https://www.cybersecuritydive.com/news/f5-supply-chain-hack-internet-connected-devices-stats/803108/” rel=”noopener”>600,000 unpatched, internet-facing F5 network security devices</a>.</p>
<p><i><a target=”_blank” href=”https://www.cybersecuritydive.com/news/f5-supply-chain-breach-nation-state-cisa/802887/” rel=”noopener”>Read the
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: