F5 Networks Breached: Hackers Stole Code and Customer Data

Summary
– F5 Networks experienced long-term unauthorized access by government-backed hackers who stole source code and customer information.
– The company discovered the breach on August 9 and believes its containment actions have been successful.
– Hackers accessed F5’s BIG-IP development environment and knowledge systems, which held details of undisclosed vulnerabilities, but no software modifications or exploitation were detected.
– F5 delayed public disclosure with DOJ permission, possibly due to national security risks. The company serves major corporations, including Fortune 500 companies.
– Security agencies issued warnings and directives for customers to patch systems, while F5 did not attribute the attack to a specific government or group.

F5 Networks has confirmed a significant security breach in which state-sponsored hackers gained prolonged access to its internal systems, resulting in the theft of proprietary source code and sensitive customer data. The company, a major provider of application security solutions for corporations and government entities, detected the intrusion on August 9 and has since implemented containment measures it believes are effective.
According to a filing with the U.S. Securities and Exchange Commission, the attackers infiltrated F5’s BIG-IP product development environment and knowledge management systems. These repositories contained not only the company’s source code but also details of previously undisclosed security vulnerabilities. While F5 stated it found no evidence that its software was tampered with during development or that these vulnerabilities have been actively exploited, the company released several updates for its BIG-IP platform to address the security flaws and is urging all customers to apply the patches immediately.
The breach also involved the theft of configuration and implementation data related to specific customer systems. This type of information could potentially assist threat actors in identifying design weaknesses and launching subsequent attacks against those organizations. F5 acknowledged that the U.S. Department of Justice permitted a delay in public disclosure of the incident, a step sometimes authorized when a disclosure poses a substantial risk to national security or public safety.
With a client roster that includes over 1,000 corporate customers and more than 85% of the Fortune 500, spanning financial institutions, technology firms, and critical infrastructure operators, the implications of this breach are far-reaching. In response to F5’s disclosure, the U.K.’s National Cyber Security Centre issued an alert warning that the stolen data could be leveraged to exploit F5 devices and software. Similarly, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) directed federal civilian agencies to patch affected systems by October 22 under an emergency directive.
F5 has not attributed the attack to any specific nation-state or hacking group. A company spokesperson declined to provide further details beyond the official statement, including the number of impacted customers or the initial method of intrusion. This incident places F5 among a growing list of technology companies targeted by government-backed hackers in recent years, a group that includes Microsoft, Hewlett Packard Enterprise, and several firms affected by the widespread SolarWinds cyberattack.
(Source: TechCrunch)
