Nation State Hackers Steal Source Code and Zero Day Data from F5

F5, a provider of security and application delivery solutions, recently disclosed that it was targeted by state-sponsored threat actors who managed to steal sensitive information from its systems. The hackers maintained persistent, long-term access to certain systems, including those associated with the development of the company’s flagship BIG-IP platform. 

Details of the Breach 

The attackers successfully exfiltrated files, some containing BIG-IP source code and information regarding undisclosed vulnerabilities. However, F5 stated that it is not aware of any critical or remote code execution flaws being among the stolen non-public vulnerabilities, nor is it aware of any active exploitation of these flaws in the wild. 

F5 reassured the public that it has no evidence of any modifications to its software supply chain, source code, or build pipelines. The company also found no evidence that the hackers accessed or modified NGINX source code, F5 Distributed Cloud Services, or internal systems used for CRM, finance, or customer support. 

The attack was detected on August 9th, but F5 was granted a delay in disclosure by the US Justice Department. The company’s SEC filing on Wednesday indicated that the incident has not had a material impact on its operations so far. 

Targeting Source Code and Zero-Days 

While F5 has not publicly named the perpetrator, the attack profile strongly suggests a Chinese state-sponsored threat actor. These groups are known for targeting major software companies with the goal of stealing source code, which they can analyze to find zero-day vulnerabilities. 

This type of espionage follows a pattern seen in other incidents, such as the ToolShell attacks against SharePoint and campaigns reported by Google's Threat Intelligence Group, where the attackers targeted technology companies specifically to steal source code for future zero-day exploitation.

Some files stolen from an engineering knowledge platform contained configuration and implementation data related to a small percentage of customers, who will be notified directly by F5 if required.
