Threat Intelligence, Breach

F5 investigates nation-state cyberattack, says impact remains limited

(Adobe Stock)

U.S. network and security provider F5 has confirmed limited impact from a nation-state cyberattack that allowed persistent access to its systems and led to the theft of BIG-IP source code, customer configuration data, and details on 44 vulnerabilities, according to CyberScoop.

Only a small number of customers, which have since applied emergency updates, were impacted by the already contained incident, said F5 CEO Franois Locoh-Donou. Locoh-Donou added that the stolen data was not sensitive, and customer operations saw minimal disruption. Cybersecurity firms IOActive and NCC Group, which assisted in recovery efforts, found no critical flaws in the stolen code, and F5 continues scanning for potential issues.

The company has expanded its bug bounty program and partnered with CrowdStrike to add EDR capabilities to BIG-IP systems. The attack was discovered in August and disclosed in October. It prompted a federal emergency directive but has not significantly altered F5's outlook. The firm expects up to 4% revenue growth in fiscal 2026.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds