F5 has released security updates following a large-scale cyberattack believed to have been carried out by Chinese state hackers. The intruders gained prolonged access to the BIG-IP software development environment and stole parts of the source code. The incident is forcing customers worldwide to patch their systems urgently.
The infiltration of the BIG-IP development environment at F5 was immediately linked to state hackers. F5 did not specify the exact country in its October 15 public announcement. According to Bloomberg, more is known inside the company, where the hacker group has already been linked to China.
F5’s BIG-IP products are highly valuable to state hackers because they are used by major companies. For example, 48 of the Fortune 50 companies are part of the customer base.
In addition, the products are deeply integrated into the internal IT systems of many customers, where they provide software security through access control and firewalls, among other things.
At least a year of access
The intruders gained “long-term, persistent access” to certain systems and stole files, including parts of the source code for the BIG-IP suite. According to F5 representatives, the hackers were in the company’s network for at least twelve months.
Sources who spoke to Bloomberg reported that F5 sent a threat hunting guide to customers on Wednesday. The focus of this guide is the Brickstorm malware. According to Mandiant, the hackers behind Brickstorm are known for stealing source code from popular technology providers. Mandiant linked the malware to ‘UNC5221’, a group of state-sponsored hackers of Chinese origin.
Patches rolled out
The data breach led to warnings from authorities in the US and the UK. The US Cybersecurity and Infrastructure Security Agency (CISA) described it as a “significant cyber threat” and warned that state hackers could exploit vulnerabilities in F5 products.
“The alarming ease with which these vulnerabilities can be exploited by malicious actors calls for immediate and decisive action by all federal agencies,” said CISA Director Madhu Gottumukkala. CISA required all federal agencies to update their F5 technology by October 22.
F5 released security updates today for 44 vulnerabilities, including the vulnerability in BIG-IP. The company emphasized that there is no evidence that attackers actually exploited the undisclosed vulnerabilities.
“Although we are not aware of any critical vulnerabilities that have been exploited, we strongly recommend updating your BIG-IP software as soon as possible,” F5 said. The company added that there is no evidence of changes to the software supply chain.