Shares of US cybersecurity company F5 closed down 10% on Thursday after the company disclosed a system breach in which a “highly sophisticated nation-state threat actor” gained prolonged access to some systems.
It was the stock's worst day since April 27, 2022, when shares fell 12.8%.
The company disclosed the breach in a filing with the Securities and Exchange Commission on Wednesday, saying the hack affected its BIG-IP product development environment. F5 said the attackers injected a file containing some source code and information about “undisclosed vulnerabilities” in BIG-IP.
Bloomberg later reported that the breach was the work of hackers backed by the Chinese government, citing people familiar with the matter.
F5 was made aware of the attack in August but said it had not seen any evidence of new wrongdoing.
“We are not aware of any undisclosed critical vulnerabilities or remote code vulnerabilities, nor are we aware of any active exploitation of any undisclosed F5 vulnerabilities,” F5 said in a statement.
According to Bloomberg, the cybersecurity giant told customers that the hackers had been in the network for at least 12 months and that malware called Brickstorm was used in the breach.
F5 did not confirm any of the information.
Google Threat Intelligence Group said in a blog post that Brickstorm has been attributed to a suspected China-related threat called UNC5221. Mandiant said the malware is used to maintain “long-term stealth access” and can remain undetected on a victim’s system for an average of 393 days.
In response to the attack, the Cybersecurity and Infrastructure Security Agency issued an emergency directive on Wednesday directing all government agencies using F5’s software or products to apply the latest updates.
“These vulnerabilities are incredibly easy to exploit by malicious actors and require immediate and decisive action by all federal agencies,” said CISA Acting Director Madhu Gottumukkala. “These same risks extend to any organization that uses this technology, potentially leading to a catastrophic breach of critical information systems.”
The UK’s National Cyber Security Centre also issued guidance on the F5 attack, advising customers to install security updates and continue monitoring for threats.
