Cybersecurity firm F5’s stock sinks 12% after disclosing nation-state hack

Cybersecurity firm F5’s stock sinks 12% after disclosing nation-state hack


Pavlo Gonchar | SOPA Images | Lightrocket | Getty Images

U.S. cybersecurity company F5 fell 12% on Thursday after disclosing a system breach in which a “highly sophisticated nation-state threat actor” gained long-term access to some systems.

F5 shares were pacing for the worst day since April 27, 2022, when the stock fell 12.8%.

The company disclosed the breach in a Securities and Exchange Commission filing on Wednesday and said the hack affected its BIG-IP product development environment. F5 said the attacker infiltrated files containing some source code and information on “undisclosed vulnerabilities” in BIG-IP.

The breach was later attributed to state-backed hackers from China, Bloomberg reported, citing people familiar with the matter.

F5, which was made aware of the attack in August, said they have not seen evidence of any new unauthorized activity.

“We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities,” F5 said in a statement.

The cybersecurity giant told customers that hackers were in the network for at least 12 months and that the breach used a malware called Brickstorm, according to Bloomberg.

F5 would not confirm the information.

Brickstorm is attributed to a suspected China-nexus threat dubbed UNC5221, Google Threat Intelligence Group said in a blog post. The malware is used for maintaining “long-term stealthy access” and can remain undetected in victim systems for an average of 393 days, according to Mandiant.

The attack prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency on Wednesday, telling all agencies using F5 software or products to apply the latest update.

“The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies,” CISA Acting Director Madhu Gottumukkala said. “These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems.”

The UK’s National Cyber Security Centre also issued guidance for the F5 attack, advising customers to install security updates and continue monitoring for threats.



Source

Apple delivers a nearly perfect quarter, with a CEO change and an AI update ahead
Technology

Apple delivers a nearly perfect quarter, with a CEO change and an AI update ahead

Apple on Thursday evening reported a strong quarter to wrap up a busy week of megacap earnings. Clearly, CEO Tim Cook’s decision to announce his upcoming departure ahead of the release was a move to ensure that news would not overshadow the incredible results. Revenue in Apple’s fiscal 2026 second quarter ended March 31 increased […]

Read More
Reddit’s CEO calls his company ‘the fuel’ for artificial intelligence
Technology

Reddit’s CEO calls his company ‘the fuel’ for artificial intelligence

Reddit CEO Steve Huffman said his company may be one of the most underappreciated winners of the artificial intelligence boom. “There’s no artificial intelligence without actual intelligence,” he said on “Mad Money.” “The knowledge has to come from somewhere, and Reddit is one of the primary sources for that sort of information that AI’s crave, […]

Read More
Veeva Systems to join S&P 500 index, replacing Coterra Energy
Technology

Veeva Systems to join S&P 500 index, replacing Coterra Energy

FILE PHOTO: Veeva Systems Founder and CEO Peter Gassner gives an interview on the floor of the New York Stock Exchange. Brendan McDermid | Reuters Veeva Systems, which sells cloud software to life sciences companies and drugmakers, is joining the S&P 500, becoming the latest tech company to get added to the benchmark. The stock […]

Read More
Powered by WordPress | WP Magazine by WP Mag Plus