Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data

Cybersecurity firm F5 Networks said government-backed hackers had “long-term, uninterrupted access” to the network, allowing them to steal company source code and customer information.

In a filing with the US Securities and Exchange Commission on Wednesday, F5 said it now “believes its containment actions have been successful,” after first discovering hackers on its network on Aug. 9.

The Seattle, Washington-based company, which specializes in providing application security and cybersecurity protection for large companies and governments, said hackers accessed its BIG-IP product development environment and its knowledge management systems, including source code and publicly undisclosed security vulnerabilities.

F5 said it was not aware of any changes to its software during development, nor was it aware of any exploitation of the vulnerability. The company released several updates on Wednesday to address undisclosed security flaws in its BIG-IP platform and urged customers to patch them.

The company also said hackers downloaded configuration and implementation information about some of its customers’ systems, files that could help hackers find and exploit potential design vulnerabilities and potentially hack into those customers’ systems.

F5 said in the notice that the US Department of Justice has allowed the company to delay its disclosure. An F5 spokeswoman would not say why the delay was allowed, but the DOJ may allow companies to stop notifying the public if there is a “substantial risk to national security or public safety.”

F5 has over 1,000 corporate customers and serves more than 85% of the Fortune 500, the largest public companies by revenue, including banks, technology companies, and critical infrastructure companies.

The UK’s National Cyber Security Centre warned on Wednesday, after F5’s release, that the hack could “enable a threat actor to exploit F5 devices and software.”

CISA said in an email Wednesday that it has directed civilian federal agencies under emergency directives to patch their systems by Oct. 22, citing security risks.

The company did not blame any specific government or nation-state-affiliated hacking group for the attack, and F5 spokesman Dan Sorensen declined to respond to TechCrunch’s questions, including how many customers are affected and how the hackers got started, beyond statements published by the company.

F5 is the latest tech company in recent years to be hacked by government hackers, including Microsoft, by China and Russia at least twice; cloud and enterprise technology firm Hewlett Packard Enterprise; and several other companies as part of a wider Russian cyberattack on software maker SolarWinds.
