June 17, 2024 By Bill Toulas
A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data.
According to a Sygnia report who discovered the intrusion after they were called in to investigate the cyberattack, Velvet Ant established multiple footholds using various entry points across the network, including a legacy F5 BIG-IP appliance that served as an internal command and control (C2) server.
Using the compromised F5 BIG-IP devices, the threat actors could stealthily steal sensitive customer and financial information from the company for three years without being detected.
