F5 data stolen from product development environment

Hackers from an unknown country infiltrated F5 Networks’ IT environment for months. Access to the development environment for new products and IP may have led to large-scale data theft.

The development environment for BIG-IP was the main target. This product is designed to protect customers’ most important applications and services. Given that F5 has many prominent parties among its 23,000 customers, it is easy to imagine why a state hacker would target the company.

Long-term infiltration discovered

F5 discovered the breach on August 9, 2025. The investigation revealed that attackers had access to critical systems for an extended period of time. They penetrated the BIG-IP product development environment and the technical knowledge management platform.

This access allowed the hackers to steal source code, information about unpublished vulnerabilities, and some customer configuration data. F5 disclosed this in documents submitted to the US SEC, which BleepingComputer has reviewed.

Limited impact on systems

F5’s own software supply chain remained uncompromised. There were also no suspicious code changes within the BIG-IP environment, so it appears that the attackers only exfiltrated data. Other platforms such as CRM and financial systems and support services remained secure. NGINX, F5 Distributed Cloud Services, and Silverline systems also escaped the attack.

Despite the critical nature of the stolen information, F5 states that there is no evidence of actual misuse. The attackers have most likely not used the unknown vulnerabilities for further attacks against systems, according to the security company.

Communication to the outside world

The US government requested a delay in the public notification. On September 12, 2025, the Department of Justice determined that this was justified under regulations. “F5 is now submitting this report in a timely manner,” the company explains.

F5 is still checking which customers had configuration or implementation details stolen. These customers will receive instructions and guidance from the company. F5 states that the incident has no material impact on its business operations. All services remain available and are considered secure.

F5 data stolen from product development environment

Long-term infiltration discovered

Limited impact on systems

Communication to the outside world

Stay tuned, subscribe!

Slack claims that conversation data is a gold mine for AI agents

More than 100 companies likely affected by Oracle hack

Dutch restrict Nexperia to keep its chip secrets outside of China

Managing the AI chaos with ServiceNow's AI Control Tower

Infor's industry-specific ERP strategy and Velocity Suite deep dive

Slack is evolving into a work operating system

Workday CTO outlines bold AI agent strategy and major acquisitions

How to Safeguard and Prepare Exchange Server against Natural Disasters?

Minimizing liability is not the same as security: Lessons learned from Collin’s Aerospace cyberattack

How Split-Second Data Performance and Sovereignty Keep the Netherlands Moving

How to Recover My Archived PST Files in Outlook?

Luxembourg Venture Days

Dell Technologies Forum

BrickCon The Databricks Community Conference

Appdevcon

Webdevcon

Dutch PHP Conference

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices