A China-nexus state-sponsored actor called Velvet Ant was observed conducting espionage after establishing persistence in a large organization’s network for three years by exploiting two legacy F5 BigIP appliances with outdated, vulnerable operating systems. In a June 17 blog post, Sygnia researchers explained that F5 Big-IP load balancer appliances occupy a trusted position within the network, often placed at the perimeter or between different network segments.

Source: SC Magazine