Hackers Had Been Lurking in Cyber Firm F5

The state-backed hackers who breached cybersecurity company F5 Inc. broke in beginning in late 2023 and lurked in the company’s systems until being discovered in August of this year, according to people who were briefed by F5 about the incident.


The attackers penetrated F5’s computer systems by exploiting software from the company that had been left vulnerable and exposed to the internet, according to the people. F5 told customers that the hackers were able to break in after the firm’s staff failed to follow the cybersecurity guidelines it provides customers, said the people, who spoke on the condition that they not be identified because they were not authorized to discuss the matter.


A spokesperson for F5 declined to comment.


Seattle-based F5 disclosed earlier this week in a regulatory filing that it had learned on Aug. 9 that nation-state hackers had compromised its systems and gained “long-term, persistent access.” The intruders downloaded some files from F5’s BIG-IP suite of application services, including some source code and information about undisclosed vulnerabilities the company was working to fix.


Chinese state-backed hackers were behind the attack, according to people familiar with the matter. A Chinese official called the claim “groundless accusations made without evidence.”


The disclosure sent F5 shares plunging by more than 10% on Oct. 16.


F5’s BIG-IP platform is an integral part of many large organizations’ IT systems. It performs many functions, including “load balancing,” which refers to directing traffic to the appropriate systems so that applications run smoothly, and wrapping those software programs in security features to prevent hackers from accessing them.


Cybersecurity experts say the primary concern with the breach is that the hackers may have used the stolen source code to look for or develop ways to silently surveil and manipulate the traffic flowing through those devices or to shut them down entirely.


The attack prompted alerts from governments in the US and UK, with one American official warning of potentially “catastrophic” consequences. F5’s customers include government agencies and 85% of the Fortune 500.


In the days since the announcement, F5 officials, including Chief Executive Officer Francois Locoh-Donou, have briefed customers about the incident, Bloomberg has reported. The company has hired cybersecurity firms CrowdStrike Holdings Inc. and Google’s Mandiant, in addition to working with law enforcement and government officials.


The attackers used a type of malware called Brickstorm, according to people familiar with the matter. Brickstorm is known to be used by a suspected “Chinese-nexus threat actor,” who has used it to maintain “long-term stealthy access” to technology providers, legal service and business process outsourcers, according to Mandiant.
