Nation-State Hackers Breach Sensitive F5 Systems and Steal Client Data


“A huge chunk of data has been lost to nation-state hackers who breached sensitive F5 Systems.”

F5

Hackers with government support gained access to the engineering resource site and production environment of enterprise technology vendor F5.

 

In a statement, F5, a company that sells data delivery and application security products, claimed that “a highly sophisticated nation-state threat actor” had gained access to its “engineering knowledge management platforms” and the development platform for its flagship BIG-IP platform, stealing some of the company’s files.

 

“Some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP” were included in the stolen files.

 

It further stated that, to the best of its knowledge, none of the vulnerabilities allowed remote code execution or were serious defects. F5 also said it was not aware of “active exploitation of any undisclosed F5 vulnerabilities.”

The hackers had “long-term, persistent access” to F5’s servers, the company said. Although it could not specify when the attack started, it claimed to have learned about it in August. A representative for F5 refused to comment on the breach.

 

F5 said it found no evidence of “modification to our software supply chain, including our source code and our build and release pipelines.” According to the company, that conclusion was supported by two separate audits.

Information on how “a small percentage of customers” had set up their F5 products was included in some of the files taken from the knowledge management platform. This information might be used by hackers to plot attacks against those companies.


CISA Issues an Emergency Directive

The U.S. government is rushing to find out whether hackers compromised the F5 products of any government institutions. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) directed federal civilian agencies to install F5’s security updates, remove the management interfaces of specific products from the public internet, and promptly identify all impacted equipment.

The majority of the impacted products must be patched by October 22; the remaining products must be patched by October 31. Except for mission-critical requirements, CISA mandated that agencies disconnect all end-of-life devices.

During a briefing on Wednesday, Nick Andersen, CISA’s executive assistant director for cybersecurity, informed reporters that the agency is not yet aware of any breaches. He declined to say which nation-state actor was responsible for the F5 breach.

The event immediately brought to mind Russia’s SolarWinds espionage operation, in which agents from the Kremlin infiltrated the IT software provider and altered its code. By taking advantage of flaws in F5’s products, hackers might move across the networks of vulnerable firms, gain persistent access, and steal private information, such as API keys and passwords.

Nick Andersen

The possible “downstream effects” on F5’s clients in the public and private sectors are extremely concerning.

 

“Our supply chain is being impacted by this as part of a larger strategic campaign.”

 

To alert stakeholders in critical infrastructure sectors, CISA is collaborating with the organizations in charge of monitoring those sectors.

CISA’s capacity to handle the F5 crisis has not been hampered by the government shutdown or the recent expiration of a significant information-sharing law.

Andersen informed reporters that “those who would be working on this incident are not among the impacted staff.”

 

F5 Systems

Andersen informed reporters that the federal government had thousands of F5 products. CISA intended to advise state and municipal governments later in the day, after briefing other agencies on its emergency directive.

In addition to dealing with furloughs, forced reassignments, and layoffs brought on by the continuing federal shutdown, CISA is coordinating the response to the F5 hack.

About The Author

Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking.
