F5 Data Breach Attack

Blog

Byadmblake October 18, 2025

What is the Attack? A sophisticated nation-state actor gained long-term access to F5’s corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products. The stolen data could accelerate exploit development…

What is the Attack?

A sophisticated nation-state actor gained long-term access to F5’s corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products.

The stolen data could accelerate exploit development and raise the risk of targeted attacks due to the following factors:

•

High exposure: BIG-IP devices are widely deployed and often internet-facing.

•

Increased risk: Stolen source code shortens the time needed to develop exploits.

•

Critical role: Compromise of BIG-IP can lead to credential theft, lateral movement, and data exfiltration.

In response to F5’s disclosure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive

ED 26-01: Mitigate Vulnerabilities in F5 Devices | CISA.

What is the recommended Mitigation?

Patch immediately – Apply the latest F5 updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients as soon as possible, as mentioned on the advisory.

Quarterly Security Notification (October 2025)
Restrict access: Limit BIG-IP management interfaces to trusted networks only.
Monitor for anomalies: Watch for unusual admin logins, large data transfers, or new repositories.
Hunt proactively: Check for suspicious activity involving F5 appliances or related infrastructure.

What FortiGuard Coverage is available?

Active tracking: FortiGuard Labs is monitoring this campaign and will release IPS, WAF, and threat intelligence updates as exploit activity evolves.
IoT Device Detection: FortiGuard’s IoT Device Detection Service helps identify F5 devices across your network.

IoT Device Detection | FortiGuard Labs
Incident Response: Organizations suspecting compromise can contact the FortiGuard Incident Response team for rapid containment and remediation support.

Blog

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.

Read More Pandas Galore: Chinese Hackers Boost Attacks in Latin America
Blog

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that…

Read More ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
Blog

Ghost Ransomware Targets Orgs in 70+ Countries

The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.

Read More Ghost Ransomware Targets Orgs in 70+ Countries
Blog

‘TruffleNet’ Attack Wields Stolen Credentials Against AWS

Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.

Read More ‘TruffleNet’ Attack Wields Stolen Credentials Against AWS
Blog

China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions

Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. “The first sighting of its activity was in the second quarter of 2023; back then,…

Read More China-Linked Earth Alux Uses VARGEIT and COBEACON in Multi-Stage Cyber Intrusions
Blog

Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Threat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese state-sponsored hacking group called Flax Typhoon, which is also tracked as Ethereal Panda and RedJuliett. According…

Read More Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year

Related