F5 BIG-IP Breach Leads to Enterprise Compromise via Confluence

Attackers exploited an exposed F5 BIG-IP edge appliance to launch a multi-stage intrusion targeting Linux systems. The threat actors pivoted to an internal Confluence server to steal credentials and compromise user identities. The intrusion included attempted Kerberos relay attacks and lateral movement across the network. Microsoft Defender successfully detected and blocked the attack chain, providing insights into how such edge appliance compromises can escalate into enterprise-wide threats. Organizations should secure exposed edge devices and monitor for suspicious lateral movement activities. Source: Microsoft Security Blog.
Original reporting by RSS: Microsoft Security. We only summarise, never republish.