F5 has filed an 8-K admitting a long-term intrusion by a “highly sophisticated nation-state” actor. Data pulled includes portions of BIG-IP source code and info on in-progress vulnerabilities. CISA says the fallout poses a “significant cyber threat” to federal networks.
- What’s new: F5’s SEC 8-K (Oct 15) confirms persistent access, exfiltration from BIG-IP dev and knowledge systems, and limited customer configuration data exposure. The company says there’s no evidence of undisclosed critical RCEs being exploited and no supply-chain tampering.
- Why it matters: BIG-IP sits in front of a lot of enterprise/Gov traffic. Even without a “new” zero-day, leaked design/config intel can accelerate lateral movement and follow-on attacks.
- Action items: Pull latest F5 advisories, audit configs, rotate secrets, and follow CISA’s mitigations for F5 customers; increase telemetry on edge appliances and management planes.
Source: F5 8-K filing · Coverage: PC Gamer (summary + CISA note)
Leave a Reply Cancel reply