
A potentially “catastrophic” breach of a major US-based cybersecurity provider has been blamed on state-backed hackers from China, according to people familiar with the matter.
F5 Inc., the Seattle-based company, announced in a regulatory filing on Wednesday morning that nation-state hackers had breached its networks and gained “long-term, persistent access” to certain systems. The intruders stole files including parts of the source code of the company’s BIG-IP suite of application services, which is widely used by Fortune 500 companies and government agencies, along with details of some of the flaws that could be used to target the company’s customers.
F5 representatives told customers that the hackers had been on the company’s network for at least 12 months, according to the people, who asked not to be named because they were not authorized to speak publicly about the incident.
One of the people said F5 CEO François Locoh-Donou was personally informing customers about the timeline and China-linked hackers. F5 did not respond to messages seeking comment.
“Regarding such a baseless allegation without evidence, we have made China’s position clear more than once,” Chinese Foreign Ministry spokesman Lin Jian said at a regular press conference in Beijing on Thursday. “China always opposes hacking activities and fights against them in accordance with the law. And China definitely opposes the spread of disinformation outside of the political agenda.”
F5’s BIG-IP products are an integral part of the IT systems of many large organizations. They perform many functions, including “load balancing,” which means distributing incoming traffic across the appropriate servers to keep applications running smoothly, and wrapping those applications in security features such as access control mechanisms and firewalls to keep hackers out.
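To make the two roles just described concrete, here is a small added example (not F5 code, and not modelled on BIG-IP internals) that sits in front of an application the way such a device does: it first applies an access-control allowlist to the client address, then forwards the request to one of several backends in round-robin order, skipping any backend marked unhealthy. The backend names, the allowed network and the health flags are constructed sample values.

```python
import ipaddress


class Backend:
    """One application server behind the balancer (constructed sample)."""

    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy


class MiniBalancer:
    """Toy front door combining access control and load balancing.

    route() returns a (decision, backend_name) pair so callers can see
    whether a request was denied, forwarded, or found no healthy server.
    """

    def __init__(self, backends, allowed_networks):
        self.backends = backends
        # Access-control rule: only clients inside these networks may pass.
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self._next = 0  # round-robin cursor

    def is_allowed(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.allowed)

    def pick_backend(self):
        # Advance the cursor at most once per backend so an all-down pool
        # returns None instead of looping forever.
        n = len(self.backends)
        for _ in range(n):
            candidate = self.backends[self._next % n]
            self._next += 1
            if candidate.healthy:
                return candidate
        return None

    def route(self, client_ip):
        if not self.is_allowed(client_ip):
            return ("deny", None)
        backend = self.pick_backend()
        if backend is None:
            return ("unavailable", None)
        return ("forward", backend.name)


def demo():
    # Constructed pool: three app servers, the second one currently down.
    pool = [Backend("app1"), Backend("app2", healthy=False), Backend("app3")]
    lb = MiniBalancer(pool, allowed_networks=["10.0.0.0/8"])
    return [
        lb.route("10.1.2.3"),      # forwarded to app1
        lb.route("10.1.2.3"),      # app2 skipped, forwarded to app3
        lb.route("10.1.2.3"),      # wraps around to app1
        lb.route("192.168.1.1"),   # outside the allowlist, denied
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The point of the ordering is that the access-control decision happens before any backend is chosen, so a denied client never reaches an application server at all; an attacker who controls the device itself, as the article's experts worry about, would be sitting exactly at this chokepoint.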
Cybersecurity experts said the main concern about the BIG-IP source code hack is that hackers could find ways to infiltrate these systems to monitor and possibly manipulate traffic, and to gain access to sensitive data, in ways that would be difficult to detect.
F5 on Wednesday sent customers a threat detection guide for a type of malware called Brickstorm used by a Chinese state-backed hacking group, according to people familiar with the matter.
The hackers behind Brickstorm are known to steal source code from popular technology providers to look for software bugs, according to Mandiant, Google’s threat analysis arm. They then use those flaws to infiltrate the technology provider’s customers, according to a report from Mandiant published earlier this year about the cyber campaign.
Mandiant described the hackers behind Brickstorm as “UNC5221,” an “espionage actor in China” that it has observed targeting organizations since 2023.
The cybersecurity company’s breach prompted warnings from authorities in the US and UK.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on Wednesday describing the incident as a “significant cyber threat targeting federal networks using certain F5 devices and software.” It ordered all federal agencies to update their F5 technology by October 22.
The agency warned that nation-state hackers could exploit vulnerabilities in F5 products to gain access to credentials and tools that would allow them to roam a company’s network, steal sensitive data and compromise entire information systems.
“The alarming ease with which these vulnerabilities can be exploited by malicious actors requires immediate and decisive action by all federal agencies,” CISA Acting Director Madhu Gottumukkala said in a statement. “The same risks apply to any organization using this technology, which can lead to catastrophic compromise of critical information systems.”
Britain’s National Cyber Security Centre also issued a breach alert on Wednesday, warning that hackers could use their access to F5’s systems to exploit the company’s technology and identify other vulnerabilities. The UK government has urged customers to identify all F5 products they use, assess whether those devices have been compromised, notify the NCSC of potential breaches and install the latest security updates.
With help from Philip Glamann.
This article was generated from an automated news agency source without text modification.