
US cybersecurity company F5 revealed on Wednesday that unidentified attackers infiltrated its systems and stole files containing portions of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
The company attributed the activity to a “highly sophisticated nation-state threat actor,” adding that the adversary maintained long-term, persistent access to its networks. The company said it learned of the breach on August 9, 2025, according to a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC).
“We have taken extensive measures to contain the threat actor,” the company said. “Since we began these operations, we have not experienced any new malicious activity and believe our containment efforts are successful.”

F5 declined to say how long the attacker had access to the BIG-IP product development environment, but stressed that it has not observed evidence of the undisclosed vulnerabilities being exploited in a malicious context. The attackers also did not have access to the company’s CRM, financial, support case management, or iHealth systems.
However, the company acknowledged that some of the files taken from its knowledge management platform contained configuration and implementation information for a small number of customers. F5 will notify affected customers directly after reviewing the files.
After discovering this incident, F5 leveraged services from Google Mandiant and CrowdStrike, increased credential rotation and access controls, introduced tools to more effectively monitor threats, hardened its product development environment with additional security controls, and strengthened its network security architecture.
For optimal protection, we recommend applying the latest updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients as soon as possible.