CISA: Nation-state hackers exploiting US critical information systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a nation-state cyber threat that gained access to U.S. federal government networks due to a vulnerability in software developed by the American company F5.

“A nation-state cyber threat actor poses an imminent risk, with the potential to exploit vulnerabilities in F5 products to gain unauthorised access to embedded credentials and Application Programming Interface (API) keys,” Caliber.Az quotes the Agency as saying in an official statement.

“The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies. These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems,” said CISA Acting Director Madhu Gottumukkala.

Through F5 products used by federal agencies, hackers could steal credentials and security keys of internal systems and gain access to confidential information.

As a result, CISA has ordered government agencies to urgently install updates that patch the vulnerability by October 22.

By Khagan Isayev