Overview
- F5 disclosed via an SEC 8-K that a highly sophisticated actor maintained long-term access to BIG-IP development and engineering systems, stealing portions of source code, undisclosed vulnerability data, and some customer configuration files.
- The company says containment actions have been effective, with no new unauthorized activity observed, and investigators report no evidence of software supply-chain tampering or build-pipeline modification.
- CISA issued an emergency directive requiring federal agencies to identify F5 devices and apply updates, with agencies told to patch by October 22; separately, the UK NCSC urged customers to update and harden systems.
- F5 released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients, provided hardening and threat-hunting guidance, and partnered with CrowdStrike to offer Falcon EDR for BIG-IP customers.
- F5 says NGINX, Distributed Cloud Services, and Silverline systems were not affected, CRM/financial/support/iHealth systems were not accessed, and public attribution remains unconfirmed despite media reports.