Hackers Breached F5, Stole BIG-IP Source Code and Data on Undisclosed Vulnerabilities
F5 Networks has confirmed a security breach attributed to state-sponsored hackers who maintained long-term access to parts of the company’s internal systems. The attackers reportedly stole confidential data, including source code for the BIG-IP platform and details about previously undisclosed vulnerabilities.
What Happened
In a filing with the U.S. Securities and Exchange Commission (SEC), F5 disclosed that the intrusion affected systems tied to the development of its BIG-IP product line—a family of application delivery and traffic management appliances used by 48 of the world’s 50 largest companies.
The attackers are believed to have compromised a network segment used for creating and distributing BIG-IP software updates, giving them access to sensitive internal files. According to the company, the stolen material includes source code and vulnerability information related to products still in active use.
Company’s Response
F5 stated that it has found no evidence of interference with its software supply chain, including source code repositories, build environments, or release pipelines.
“We have no evidence of interference with our software supply chain,” the company said. “There is also no indication that the attackers accessed NGINX source code or product development environments.”
The company further noted that while the stolen data includes information about unpatched flaws, none are believed to be critical or capable of remote code execution. At present, there are no signs of active exploitation.
Why It Matters
While F5 sought to reassure customers that the impact is contained, cybersecurity analysts view the incident as potentially significant. Access to proprietary source code and unpublished vulnerability data can enable advanced exploitation and supply chain attacks in the future.
The disclosure comes at a time when state-backed intrusion campaigns have increasingly targeted major software vendors to gain footholds in enterprise networks. With F5’s technology embedded deep within corporate infrastructures, even a limited breach carries wide-reaching implications.
F5 says it continues to investigate and has notified law enforcement and affected stakeholders.
