{"id":309476,"date":"2025-10-17T01:21:19","date_gmt":"2025-10-17T01:21:19","guid":{"rendered":"https:\/\/www.europesays.com\/us\/309476\/"},"modified":"2025-10-17T01:21:19","modified_gmt":"2025-10-17T01:21:19","slug":"why-the-f5-hack-created-an-imminent-threat-for-thousands-of-networks","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/us\/309476\/","title":{"rendered":"Why the F5 Hack Created an \u2018Imminent Threat\u2019 for Thousands of Networks"},"content":{"rendered":"

Thousands of networks\u2014many of them operated by the US government and Fortune 500 companies\u2014face an \u201cimminent threat\u201d of being breached by a nation-state hacking group following the breach of a major maker of software, the federal government warned on Wednesday.<\/p>\n

F5, a Seattle-based maker of networking software, disclosed the breach<\/a> on Wednesday. F5 said a \u201csophisticated\u201d threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a \u201clong term.\u201d Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years<\/a>.<\/p>\n

Unprecedented<\/p>\n

During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 says<\/a> is used by 48 of the world\u2019s top 50 corporations. Wednesday\u2019s disclosure went on to say the threat group downloaded proprietary BIG-IP source code information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used inside their networks.<\/p>\n

Control of the build system and access to the source code, customer configurations, and documentation of unpatched vulnerabilities has the potential to give the hackers unprecedented knowledge of weaknesses and the ability to exploit them in supply-chain attacks on thousands of networks, many of which are sensitive. The theft of customer configurations and other data further raises the risk that sensitive credentials can be abused, F5 and outside security experts said.<\/p>\n

Customers position BIG-IP at the very edge of their networks for use as load balancers and firewalls, and for inspection and encryption of data passing into and out of networks. Given BIG-IP’s network position and its role in managing traffic for web servers, previous compromises<\/a> have allowed adversaries to expand their access to other parts of an infected network.<\/p>\n

F5 said that investigations by two outside intrusion-response firms have yet to find any evidence of supply-chain attacks. The company attached letters from firms IOActive and NCC Group attesting that analyses of source code and build pipeline uncovered no signs that a \u201cthreat actor modified or introduced any vulnerabilities into the in-scope items.” The firms also said they didn\u2019t identify any evidence of critical vulnerabilities in the system. Investigators, which also included Mandiant and CrowdStrike, found no evidence that data from its CRM, financial, support case management, or health systems was accessed.<\/p>\n

The company released updates for its BIG-IP, F5OS, BIG-IQ, and APM products. CVE designations and other details are here<\/a>. Two days ago, F5 rotated<\/a> BIG-IP signing certificates, though there was no immediate confirmation that the move is in response to the breach.<\/p>\n","protected":false},"excerpt":{"rendered":"Thousands of networks\u2014many of them operated by the US government and Fortune 500 companies\u2014face an \u201cimminent threat\u201d of…\n","protected":false},"author":3,"featured_media":309477,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[156404,64,734,13336,20746,712,3858,4995,67,132,68,77070],"class_list":{"0":"post-309476","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"tag-ars-technica","9":"tag-business","10":"tag-cybersecurity","11":"tag-hacking","12":"tag-hacks","13":"tag-internet","14":"tag-networks","15":"tag-security","16":"tag-united-states","17":"tag-unitedstates","18":"tag-us","19":"tag-vulnerabilities"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@us\/115386887923746676","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/309476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/comments?post=309476"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/309476\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media\/309477"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media?parent=309476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/categories?post=309476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/tags?post=309476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}