US government warns of ‘nation-state’ cyber threat exploiting F5 software vulnerabilities
2025-10-16
US government officials have issued an emergency warning after detecting an ongoing cyber campaign targeting federal networks through vulnerabilities in products made by F5, a major cybersecurity and network services company. Authorities described the incident as an “imminent threat” from a nation-state actor seeking to compromise government systems.
In a statement released Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) said the attackers had breached F5’s internal systems, gaining access to sensitive data including portions of its source code and details about product vulnerabilities. Officials warned that the stolen information could be used as a blueprint for future attacks on F5 devices and software used across federal agencies and private-sector networks.
“The cyber threat actor presents an imminent threat to federal networks using F5 products,” CISA said in a statement.
CISA’s Executive Assistant Director for Cybersecurity Nick Andersen said all federal agencies have been ordered to identify any F5 systems on their networks and apply urgent security patches. He also urged private organizations to take immediate action, noting that “the risk of this vulnerability extends to every organization and sector that’s using this product.”
F5 confirmed it had detected unauthorized access to its systems on August 9, though it said the incident had no operational impact. The company said it took “extensive actions” to contain the intrusion, enlisting cybersecurity firms including CrowdStrike, Mandiant, NCC Group, and IOActive to assist in the investigation.
In a filing with the U.S. Securities and Exchange Commission, F5 said the breach involved limited customer data but did not affect its software development process. The U.S. Department of Justice allowed the company to delay public disclosure of the incident until September 12, citing national security concerns.
F5, which serves both public and private sector clients worldwide, said it continues to strengthen its security controls following the breach. Meanwhile, British authorities also issued an advisory urging organizations using F5 software to apply patches immediately to prevent potential exploitation.
The warning underscores growing concern among Western cybersecurity agencies about state-backed hacking groups targeting core network infrastructure — part of a broader pattern of intrusions aimed at critical systems and cloud providers that support government and enterprise operations globally.