cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Chinese snoops use F5, ConnectWise bugs to sell access into top US, UK networks

Hi All

 

If you have any doubts about China being friendly, these are banished.  Lets get real.

 

https://www.theregister.com/2024/03/22/china_f5_connectwise_unc5174/?utm_medium=share&utm_content=ar...

 

Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US defense organizations, UK government agencies, and hundreds of other entities, according to Mandiant.

The Google-owned threat hunters said they assess, "with moderate confidence," that a crew they track as UNC5174 was behind the exploitation of CVE-2023-46747, a 9.8-out-of-10-CVSS-rated remote code execution bug in the F5 BIG-IP Traffic Management User Interface, and CVE-2024-1709, a path traversal flaw in ConnectWise ScreenConnect that scored a perfect 10 out of 10 CVSS severity rating.

 

Regards

 

Caute_Cautim

 

 

0 Replies