![](https://static.wixstatic.com/media/34c96e_e558d51f09d140bbb9695b3b77b57285~mv2.jpg/v1/fill/w_147,h_147,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_auto/34c96e_e558d51f09d140bbb9695b3b77b57285~mv2.jpg)
According to a report of Israel's National Cyber Center, Israeli companies have been recently targeted in a phishing scheme leveraging the fraudulent email address cert[@]f5[.]support. The email address impersonates a purported CERT for the American company F5.
The emails deliver a fraudulent alert urging the recipients to download an update that remediates the recent F5 BIG-IP vulnerabilities.
The attack targets both Linux - with a link enabling a wget command that retrieves a Bash script (update.sh) - and Windows - enabling download of a malicious executable - F5UPDATER.exe - serving as a stager.
The attack chain culminates with deployment of a wiper and leakage of the data of the impacted servers on an attacker-controlled Telegram channel.
According to an analysis released by Intezer, command-and-control has been geolocated in Chelyabinsk, Russia.