The U.S. government has issued an urgent cybersecurity warning after detecting attempts by a suspected nation-state hacking group to exploit vulnerabilities in products made by the cybersecurity firm F5, according to federal officials on Wednesday.
In a statement and an accompanying emergency directive, the Cybersecurity and Infrastructure Security Agency (CISA) said the hackers had breached F5’s internal systems, stealing files that included parts of its source code and information about software vulnerabilities. Officials warned that the stolen data could serve as a “roadmap” for future intrusions into government networks using F5 products.
“The cyber threat actor presents an imminent threat to federal networks,” CISA said in its directive.
CISA’s Executive Assistant Director for Cybersecurity, Nick Andersen, said federal agencies have been ordered to identify and update all F5 devices on their systems immediately. He urged private organizations to take similar precautions, stressing that the vulnerability extends far beyond federal networks.
“The risk of this vulnerability extends to every organization and sector using this product,” Andersen noted, adding that no U.S. civilian agency had yet reported a confirmed breach.
Earlier, F5 acknowledged detecting unauthorized access to parts of its network, confirming that a threat actor had gained entry to company systems. The company said the incident had no operational impact and that it had acted swiftly to contain the breach.
According to an SEC filing, F5 discovered the intrusion on August 9 and launched an internal investigation with the help of major cybersecurity firms, including CrowdStrike, Mandiant, NCC Group, and IOActive.
The firm said it has since implemented “extensive remedial actions” and continues to coordinate with federal authorities to mitigate potential downstream risks to customers.
About the Author
