Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data

Cybersecurity steadfast F5 Networks says government-backed hackers had “long-term, persistent access” to its network, which allowed them to bargain the company’s root codification and lawsuit information.

In a filing with the U.S. Securities and Exchange Commission connected Wednesday, F5 said it present “believes its containment actions person been successful,” aft archetypal discovering the hackers successful its web connected August 9.

The Seattle, Washington-based company, which specializes successful providing exertion information and cybersecurity defenses for ample companies and governments, said the hackers had entree to its BIG-IP merchandise improvement situation and its cognition absorption systems, which included root codification and publically undisclosed information vulnerabilities.

F5 said it wasn’t alert of immoderate modifications to its bundle portion successful development, nor was it alert of immoderate exploitation of the vulnerabilities. The institution published respective updates connected Wednesday for its BIG-IP level to hole the undisclosed information flaws and urged customers to spot them.

The institution besides said the hackers downloaded configurations and implementation accusation astir immoderate of its customers’ systems, files that could assistance hackers find and exploit imaginable plan weaknesses, and perchance hack into those customers’ systems.

F5 said successful the announcement that the U.S. Department of Justice allowed the institution to hold its nationalist disclosure. An F5 spokesperson would not accidental for what crushed the hold was allowed, but the DOJ tin let companies to clasp disconnected connected notifying the nationalist if determination is simply a “substantial hazard to nationalist information oregon nationalist safety.”

F5 has over 1,000 firm customers and serves much than 85% of the Fortune 500, the largest nationalist companies by revenue, including banks, tech companies, and captious infrastructure companies.

The U.K.’s National Cyber Security Centre warned connected Wednesday, pursuing F5’s disclosure, that hackers could “enable a menace histrion to exploit F5 devices and software.”

CISA said successful an email connected Wednesday that it has ordered civilian national agencies nether an exigency directive to spot their systems by October 22, citing the information risks.

The institution did not property the attacks to a peculiar authorities oregon nation-state-affiliated hacking group, and F5 spokesperson Dan Sorensen declined to reply TechCrunch’s questions beyond the company’s published statement, including however galore customers are affected and if it was known however the hackers broke successful to statesman with. 

F5 is the latest tech institution successful caller years to person been hacked by authorities hackers, including Microsoft — by China, and Russia, at slightest twice; unreality and endeavor exertion steadfast Hewlett Packard Enterprise, and several different companies arsenic portion of the broader Russian cyberattack connected the bundle shaper SolarWinds.