Thousands of networks, many of them operated by the U.S. government and Fortune 500 companies, face an “imminent threat” of being breached by a nation-state hacking group following the breach of a major software maker, the federal government warned Wednesday.
F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an unknown nation-state government had been stealthily and persistently residing in its network over a “long term.” Security researchers who have responded to similar breaches in the past took that language to mean the hackers had been inside the F5 network for years.
Unprecedented
During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG-IP, a line of server appliances used by 48 of the world’s top 50 corporations, according to F5. Wednesday’s disclosure went on to say that the threat group downloaded proprietary BIG-IP source code and information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used within their networks.
Control of the build system, combined with access to the source code, customer configurations and documentation of unpatched vulnerabilities, has the potential to give the hackers unprecedented knowledge of weaknesses and the ability to exploit them in supply chain attacks on thousands of networks, many of which are sensitive. The theft of customer configurations and other data further increases the risk that sensitive credentials could be misused, F5 and outside security experts said.
Customers place BIG-IP at the very edge of their networks for use as load balancers and firewalls, and for inspection and encryption of data moving in and out of networks. Given BIG-IP’s network position and its role in managing traffic for web servers, previous compromises allowed adversaries to extend their access to other parts of an infected network.
F5 said that investigations by two external intrusion response firms have yet to find any evidence of supply chain attacks. The company attached letters from the firms IOActive and NCC Group confirming that analyses of the source code and build pipeline uncovered no signs that a “threat actor has modified or introduced any vulnerabilities in the items in scope.” The firms also said they had not identified any evidence of critical vulnerabilities in the system. Investigators, who also included Mandiant and CrowdStrike, found no evidence that data from F5’s CRM, financial, support case management or health systems had been accessed.
The company released updates for its BIG-IP, F5OS, BIG-IQ and APM products. CVE designations and other details are here. Two days ago, F5 rotated its BIG-IP signing certificates, although there was no immediate confirmation that the move was a response to the breach.