Cybersecurity firm F5's stock sinks 12% after disclosing nation-state hack

Shares of F5, a prominent U.S. cybersecurity firm, plummeted by 12% on Thursday after the company revealed a significant breach involving a sophisticated attack from a nation-state actor. This decline marks the steepest drop for F5 since April 27, 2022, when its stock fell by 12.8%. In a filing with the Securities and Exchange Commission, F5 disclosed that the breach affected its BIG-IP product development environment. The company reported that unauthorized access had been granted to certain files, which included source code and details on unspecified vulnerabilities in its BIG-IP system. According to reports from Bloomberg, the breach has been linked to state-sponsored hackers believed to be operating from China. F5 became aware of the intrusion in August but asserted that they have yet to find evidence of any new unauthorized activities. In a statement, the company emphasized, "We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities." The investigation revealed that the hackers had maintained access to the network for over a year, employing malware known as Brickstorm. This malware is associated with a China-linked group identified as UNC5221, according to the Google Threat Intelligence Group. Mandiant, a cybersecurity firm, noted that Brickstorm is designed for prolonged stealthy access, often remaining undetected for an average of 393 days. In response to this alarming situation, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive urging all federal agencies utilizing F5 software to implement the latest security updates. CISA Acting Director Madhu Gottumukkala stated, "The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies," highlighting the potential risks to organizations that employ this technology. The UK's National Cyber Security Centre also provided guidance, recommending that customers apply security updates and stay vigilant against potential threats.