F5 Networks has confirmed that state-backed hackers gained “long-term, persistent access” to its internal systems, stealing source code and sensitive customer data in one of the most serious breaches to hit a major cybersecurity provider in recent years.
In a filing to the U.S. Securities and Exchange Commission (SEC) on Wednesday, the Seattle-based company said it discovered the breach on August 9 and has since “successfully contained” the intrusion. F5, best known for its BIG-IP application security and load-balancing products used across global enterprises and government networks, revealed that the hackers accessed its product development environment and internal knowledge management systems.
The attackers reportedly stole proprietary source code and details of previously undisclosed security vulnerabilities. While F5 said it found no evidence that its software had been modified or that the vulnerabilities had been exploited, the company has issued critical updates for its BIG-IP platform and urged customers to install the patches immediately.
According to F5, the hackers also downloaded configuration data and deployment details from some customer systems, information that could help adversaries identify weak points and potentially compromise customer networks. The company serves more than 85% of Fortune 500 firms, including banks, technology giants, and critical infrastructure operators, underscoring the potential ripple effects of the breach.
F5 disclosed that the U.S. Department of Justice allowed it to delay the public announcement of the incident, a move permitted when immediate disclosure poses a “substantial risk to national security or public safety.” The company did not say which government agency or nation-state the hackers were affiliated with, and its spokesperson declined to provide details on the number of affected customers or how the attackers first gained access.
Following the disclosure, the U.K.’s National Cyber Security Centre (NCSC) issued a warning that attackers could exploit compromised F5 devices and software. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered all civilian federal agencies to patch affected systems by October 22 under an emergency directive.
F5 joins a growing list of major tech companies targeted by state-sponsored hackers in recent years, including Microsoft, which has been repeatedly breached by China- and Russia-linked actors, and Hewlett Packard Enterprise, which was among the companies compromised during the SolarWinds supply chain attack.
The breach at F5, one of the world’s largest providers of cybersecurity infrastructure, highlights a troubling trend: even the companies tasked with defending others are becoming prime targets in a geopolitical cyber arms race that shows no sign of slowing.