🔐 F5 targeted by suspected state-sponsored hackers

F5, the company behind the BIG-IP platform, has disclosed a cyberattack believed to be carried out by state-backed threat actors, likely linked to China. The attackers maintained long-term access to internal systems and exfiltrated sensitive files, including portions of BIG-IP source code and information on undisclosed vulnerabilities. While F5 confirmed there was no evidence of tampering with its software supply chain or products such as NGINX and Silverline, the breach highlights the growing risks facing technology providers as state actors target source code to uncover zero-day flaws.

https://ow.ly/xPpf50XcfMi

Supply chain resilience and proactive vulnerability management are no longer optional; they are essential in defending against nation-state threats.
F5 hit by suspected state-sponsored hackers, source code stolen
-
The Cybersecurity and Infrastructure Security Agency is directing agencies to address potential security vulnerabilities in widely used software management devices after the source code and customer data were recently accessed by nation-state hackers.
-
🚨 F5 Networks Breach: Why Your Vendor’s Security is YOUR Problem

Government-backed hackers had long-term access to F5 Networks’ systems, stealing source code and sensitive customer data (TechCrunch). The hackers have access to the BIG-IP development environment, which holds source code and vulnerabilities that have not yet been made public. F5 serves over 85% of the Fortune 500, making this breach a potential threat to critical infrastructure and enterprise systems worldwide.

If you are an F5 customer, make sure you stay on top of security updates for the foreseeable future.

This is why we reinforce the importance of vendor risk management and continuous monitoring of third-party software environments. Businesses should ensure that their suppliers follow secure development practices and disclose vulnerabilities promptly. Cybersecurity isn’t just about your own defenses—it’s about the entire ecosystem you rely on.

We're here to help if you need an expert to help develop your vendor risk management program.
-
This is a big deal. Essentially all organizations that use F5 devices (85% of the Fortune 500 companies) are vulnerable to unknown issues and will have to be on their toes and be very proactive with patching in the coming months & years.
-
Let’s talk about the recent F5 breach that’s been making waves in the cybersecurity community.

F5 confirmed that a nation-state actor gained access to their internal development systems back in August, stealing source code and vulnerability-related data. The company says there’s no evidence of tampering with their software builds, but this kind of incident still carries serious long-term risks.

When an attacker gets insight into internal code and systems, it’s not just about today’s vulnerabilities; it’s about the ones they can now find faster than anyone else. It’s a reminder that supply-chain risks don’t always start with malicious code; sometimes they start with stolen knowledge.

Rapid7 published a solid breakdown, recommending everyone with F5 appliances to take action:

• Inventory and restrict management interfaces
• Apply all recent security updates
• Retire unsupported systems
• Strengthen monitoring and detection

Even if your organization doesn’t use F5 products, this is another call to evaluate how deeply you trust your vendors, where your blind spots are, and how quickly you could respond if one of them was compromised.

Source: https://lnkd.in/gQxJppKs

#CyberSecurity #F5 #SupplyChainSecurity #IncidentResponse #RiskManagement #Infosec #Resilience #CISSP #CISA #CISM
-
For those working with and managing F5's: "F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product."

More info via BleepingComputer: https://lnkd.in/eQ9kK7Fa

F5 has issued patches to address 44 vulnerabilities (inc. the ones stolen in the breach): https://lnkd.in/ef9wejHs

#F5 #BIGIP #security #vulnerabilities #ADC #EUC #BleepingComputer #Mandiant
-
"The attackers managed to exfiltrate some files, including ones containing BIG-IP source code and information on undisclosed vulnerabilities. However, F5 says it’s not aware of any non-public vulnerabilities that are critical or allow remote code execution, and it’s also not aware of any active exploitation of undisclosed flaws." https://lnkd.in/eEZ6njGM
-
🛡️ Great insight from Jeffery Wang. The F5 breach shows what #soldiers and cyber defenders already know: no defence is perfect, but resilience decides who stays standing.

• In the 🇦🇺Army Reserve 🫡, we plan every mission knowing contact with the enemy will change the plan. The same truth applies in cybersecurity.
• The goal is not invulnerability. It is containment, recovery, and adaptation.
• Every incident is an opportunity to learn faster than the adversary.

✅ Resilience is not weakness. It is readiness.

👉 Because in both #defence and #cyber, giving up is never an option.

#CyberSecurity #ArmyReserve #Leadership #Resilience #IncidentResponse #CyberResilience #NationalSecurity #Adaptability #RiskManagement
F5, one of the most technically elite firms in tech, was breached by a nation‑state actor — it forces us to confront an uncomfortable truth: literally no one is immune. The Unit 42 report confirmed that attackers exfiltrated portions of F5’s BIG‑IP source code and details of undisclosed vulnerabilities, though no evidence suggests software supply‑chain manipulation or active exploitation yet. National security agencies have reacted — the ACSC issued an urgent advisory, and CISA released an emergency directive calling it a “five‑alarm fire” for infrastructure security. So, if F5 can fall — what does that mean for the rest of us? Our goal was never “invulnerability.” The mission has evolved. It’s to withstand, contain, and recover faster than the adversary can capitalise. We can’t stop a breach from ever happening again — but we can make it irrelevant to our survival. 🛡️ Resilience is the new perimeter. 🚨 Detection is the new defense. 🤝 Transparency is the new trust. In the face of overwhelming threats, the question isn’t whether our efforts are futile — it’s whether we still believe they matter. And they do, because every patched system, hunted anomaly, or contained incident buys us another day to learn, adapt, and defend. Because giving up isn’t an option in cybersecurity. #CyberSecurity #F5 #BreachResponse #NationStateThreats #Resilience #IncidentResponse #CyberResilience https://lnkd.in/gnn8CXyV
-
Cybersecurity and networking company F5 disclosed that a “highly sophisticated” nation-state threat actor infiltrated its internal systems this summer, stealing portions of the company’s BIG-IP source code and details about software vulnerabilities.
-
The cybersecurity vendor F5 has recently disclosed that a long-term and persistent cyberattack happened in August. Hackers had been infiltrating certain F5 internal systems over an extended period, stealing source code, customer configuration files, and documentation of unpatched vulnerabilities. F5 Networks has issued a quarterly security notification detailing updates for the affected products. HKCERT urges users to apply F5 BIG-IP and related patches immediately, as well as update login credentials to mitigate security risks. For more details, please refer to HKCERT's security bulletin: https://lnkd.in/g2zCjyRb