Groups of attackers are actively exploiting known vulnerabilities in F5, Pulse Secure, Citrix, Exchange and BIG-IP to attack organizations, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security said in warnings.
The groups are said to operate from Iran and China. They actively search the Internet for vulnerable remote access and Exchange servers and then try to access them. The vulnerabilities in question affect the aforementioned products, and security updates for them have been available for some time. Once they have access, the attackers attempt to obtain administrator credentials. These groups are also said to sell access to compromised organizations to cyber criminals.
Both federal US government agencies and other US-based networks have become the target of the attackers.