F5, a company specializing in cybersecurity that currently provides protection services to the majority of Fortune 500 companies, has suffered a cyberattack that resulted in the leak of part of the source code of its products, as well as data belonging to its clients. F5 currently has around a thousand clients among large corporations and government organizations.
The company has confirmed, in a communication to the SEC, that on August 9 of this year it discovered that an actor sponsored by a nation-state outside the US had gained unauthorized access to certain company systems. Having gained that foothold, the attackers maintained persistent access to F5's systems for some time, among them BIG-IP's product development environment and its engineering knowledge management system.
According to Reuters, the attackers apparently had access to the company's systems for at least 12 months. Certain sources have attributed the attack to China, but the agency says it has not been able to obtain confirmation of this.
As a consequence of this prolonged access, the attackers managed to obtain part of the source code of the BIG-IP platform, as well as information on certain vulnerabilities, which F5 has not specified. The company activated various incident response processes as soon as it became aware of the cyberattack, and has had the support of various external cybersecurity experts to mitigate it.
The containment of the cyberattack was successful: since F5 began deploying measures to contain the breach, it has not detected any further unauthorized activity on its systems. Additionally, the investigation carried out as a result of the incident has found no evidence of modifications to the company's supply chain, source code, or development or release pipelines. These statements, made by company experts, have also been validated by several independent cybersecurity research companies.
F5 has found no evidence of access to customer CRM data, nor to its financial systems, incident support management or iHealth. Apart from this, it has not recorded access or modifications to the NGINX source code, the product development environment, its distributed cloud services or the Silverline systems.
Despite this, F5 has confirmed that some of the files the attackers took from its knowledge management platform contained information about the configuration of a number of its clients. The company has stated that this affects a small percentage of them, and that it has already been in direct contact with those affected.
Although the attack was reported to the SEC in August, several weeks passed before it was made public, because the United States Department of Justice authorized the company to delay its public communication. The reason for this delay has not been confirmed, but in the United States authorities may allow companies to do so if there is a notable risk to national security, which may be the case here, or to public safety.
