Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Cybersecurity firm F5 Networks says government-backed hackers had “persistent, long-term access” to its network, which allowed them to steal company source code and customer information.
in Deposit In a meeting with the US Securities and Exchange Commission on Wednesday, F5 said it now “believes its containment measures have been successful,” after first discovering the hackers in its network on August 9.
The Seattle, Washington-based company, which specializes in providing application security and cybersecurity defenses to large companies and governments, said hackers gained access to BIG-IP’s product development environment and knowledge management systems, which included source code and undisclosed vulnerabilities.
F5 said it was not aware of any modifications to its software during development, and was not aware of any exploitation of the vulnerabilities. Company Posted several updates on Wednesday for its BIG-IP platform to fix undisclosed security flaws and urged customers to patch them.
The company also said that the hackers downloaded configuration and implementation information about some of its customers’ systems, files that could help hackers find and exploit potential design vulnerabilities, and potentially compromise those customers’ systems.
F5 said in the notice that the US Department of Justice allowed the company to delay its public disclosure. An F5 spokesperson did not explain why the delay was allowed, but the Justice Department could allow companies to delay notifying the public if there is a “significant risk to national security or public safety.”
F5 has More than 1000 corporate clients It serves more than 85% of the Fortune 500 companies, which are the largest public companies by revenue, including Banks, technology companies and critical infrastructure companies.
National Cyber Security Center in the United Kingdom Warned on WednesdayAfter F5 is detected, hackers can “enable a threat actor to exploit F5 hardware and software.”
CISA said in an email on Wednesday that it had ordered civilian federal agencies under emergency directives to patch their systems by October 22, citing security risks.
The company did not attribute the attacks to a specific government or nation-state hacking group, and F5 spokesman Dan Sorensen declined to answer TechCrunch’s questions outside the scope of the topic. Published company statementincluding the number of customers affected and whether it is known how the hackers initially compromised.
F5 is the latest technology company in recent years to have been hacked by government hackers, including Microsoft, by China, and Russia, At least twice; Cloud and enterprise technology company Hewlett-Packard Companyand Several other companies As part of a broader Russian cyberattack on software maker SolarWinds.