F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor
Essential information
- Published: 24/10/2025 11:09
- Modified: 24/10/2025 11:48
- Tags: 2025-10-24 brickstorm f5 big-ip
- Related entities: 27 vulnerabilities (CVE), 3 observables, 1 intrusion set (APT), 6 techniques (MITRE), 1 malware, 3 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (27)
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector: LOCAL
- Published: 15/10/2025
- Modified: 21/12/2025
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A …
- Attack vector: LOCAL
- Published: 15/10/2025
- Modified: 21/12/2025
Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel …
- Attack vector: NETWORK
- Published: 15/10/2025
- Modified: 21/12/2025
Observables (3)
- aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
- 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
- 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
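The three observables above are SHA-256 file hashes. The following is an added example (not part of the report or of any vendor tooling) of how a responder would turn them into a host sweep: normalise the indicators, stream-hash every regular file under a directory, and report exact matches. The only inputs it uses are the three digests published on this page; the sample bytes in the test are constructed.

```python
"""Sweep a directory tree for files whose SHA-256 matches a published IOC."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Iterable, Iterator, Tuple

# SHA-256 observables exactly as listed on this page.
BRICKSTORM_SHA256 = frozenset({
    "aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878",
    "90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035",
    "2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df",
})

_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def normalize_ioc(value: str) -> str:
    """Lower-case and strip a digest; reject anything that is not 64 hex chars.

    Feeds from TI portals often arrive upper-cased or with stray whitespace;
    a typo'd indicator would otherwise silently never match.
    """
    v = value.strip().lower()
    if not _SHA256_RE.match(v):
        raise ValueError(f"not a SHA-256 hex digest: {value!r}")
    return v


def sha256_of(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory buffer (used for small samples/tests)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file in 1 MiB chunks so large binaries never have to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_hash(digest: str, iocs: Iterable[str] = BRICKSTORM_SHA256) -> bool:
    """True if digest (any case) equals one of the indicators."""
    return normalize_ioc(digest) in {normalize_ioc(i) for i in iocs}


def sweep(root: Path, iocs: Iterable[str] = BRICKSTORM_SHA256) -> Iterator[Tuple[Path, str]]:
    """Yield (path, digest) for every regular file under root that matches an IOC.

    Symlinks are skipped so a hostile link cannot redirect the sweep; files we
    cannot read are skipped rather than aborting the whole run.
    """
    ioc_set = {normalize_ioc(i) for i in iocs}
    for p in root.rglob("*"):
        if not p.is_file() or p.is_symlink():
            continue
        try:
            digest = sha256_file(p)
        except OSError:
            continue
        if digest in ioc_set:
            yield p, digest


if __name__ == "__main__":
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    hits = list(sweep(target))
    for path, digest in hits:
        print(f"HIT {digest} {path}")
    print(f"{len(hits)} match(es) under {target}")
```

Run it against a mounted image of the appliance or host rather than from a shell on a suspected-compromised box, and read a clean result narrowly: an exact file hash only catches the identical build, so a zero-hit sweep does not clear a host of a different BRICKSTORM variant.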
Intrusion sets (APT) (1)
- AlienVault · Confidence 100
Techniques (MITRE) (6)
Malware (1)
- AlienVault · Confidence 100
  [BRICKSTORM](https://attack.mitre.org/software/S9015) is a cross-platform backdoor with variants written in Go and Rust that facilitates command and control, the ingress transfer of other malware, and the exfiltration of data.(Citation:…
Others (3)
- United States of America
- Technology
- Government