F5 Networks, a leading U.S. cybersecurity firm, has confirmed it experienced a significant breach by nation-state hackers. These attackers infiltrated the company’s systems and stole source code, including undisclosed vulnerabilities related to its flagship product, BIG-IP. The breach was first identified on August 9, 2025.
Details of the Breach
The attackers achieved long-term access to F5 systems, including the product development environment associated with BIG-IP. The company serves over 23,000 clients in 170 countries, including 48 of the top 50 Fortune 500 companies.
- First Discovered: August 9, 2025
- Number of Customers: 23,000
- Countries Served: 170
F5 confirmed the exfiltration of certain files that contained portions of the BIG-IP source code and information on undisclosed vulnerabilities. Despite this data breach, F5 stated there is no evidence that the hackers have exploited these vulnerabilities or accessed private customer information.
Impact on Services
The company assured that its software supply chain remains secure. No unauthorized modifications were made to critical systems, including customer data platforms and other product services such as NGINX and F5 Distributed Cloud Services.
Response and Remediation
In response to the intrusion, F5 implemented several measures to mitigate future risks:
- Enhanced access controls across the organization
- Improved monitoring and detection capabilities
- Strengthened security architecture for product development
F5 also engaged cybersecurity firms NCC Group and IOActive for further assessments. These assessments involved over 76 consultants and showed no new vulnerabilities had been introduced into their software.
Customer Guidance
F5 is in the process of informing affected customers and has released updates for various products, including BIG-IP and BIG-IQ. The company emphasizes the importance of installing these updates as a precautionary measure against potential exploitation.
- Updates Available for: BIG-IP, F5OS, BIG-IP Next for Kubernetes, and APM clients.
- New security best practices include using the F5 iHealth Diagnostic Tool for vulnerability assessments.
The company’s support team is available for assistance. Customers are encouraged to open support cases through the MyF5 platform or contact F5 support directly.
Public Disclosure and Safety Measures
F5 delayed the public disclosure of the breach at the request of U.S. authorities to secure critical systems. On September 12, 2025, the DOJ confirmed that the delay was warranted for operational security reasons. F5 asserted that the breach has had no material impact on its operations.
As this situation develops, F5 continues to monitor the aftermath closely. The global cybersecurity landscape is increasingly fraught with threats, making robust security measures and awareness essential for all organizations.
