By U.S. cybersecurity firm F5 Inc. saw its shares fall more than 12% on Thursday, marking the steepest single-day decline since April 2022, after revealing a significant security breach attributed to a “highly sophisticated nation-state threat actor.”
The company said the attacker gained long-term access to parts of its internal systems, raising fresh concerns about vulnerabilities in critical infrastructure software.
Breach exposes source code and undisclosed vulnerabilities
In a Securities and Exchange Commission (SEC) filing late Wednesday, F5 disclosed that the breach impacted its BIG-IP product development environment, a core platform used for network traffic management and application security.
According to the filing, the attacker accessed files containing source code and details about undisclosed vulnerabilities in the BIG-IP product.
F5 said it was first made aware of the intrusion in August and immediately launched an internal investigation.
The company emphasized that it has not found evidence of ongoing unauthorized activity or any exploitation of previously undisclosed vulnerabilities.
“We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities,” the company said in a statement.
However, sources cited by Bloomberg later attributed the attack to state-backed hackers from China, who reportedly infiltrated the company’s systems for at least 12 months.
The attackers deployed a malware tool known as Brickstorm, which cybersecurity experts describe as capable of maintaining long-term, stealthy access.
Malware and threat attribution
The malware, Brickstorm, has been linked to a suspected China-nexus threat group known as UNC5221, according to research from Google’s Threat Intelligence Group.
The malware allows intruders to remain undetected within systems for extended periods—an average of 393 days, according to cybersecurity firm Mandiant.
Although F5 did not confirm details of the malware or the threat group, reports indicate that the company has been working closely with federal authorities and cybersecurity partners to assess the full scope of the breach.
The incident triggered an emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday, requiring all federal agencies using F5 software to apply immediate security updates.
“The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies,” said CISA Acting Director Madhu Gottumukkala.
“These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems.”
The UK’s National Cyber Security Centre (NCSC) also issued an advisory urging F5 customers to patch systems and maintain heightened monitoring for suspicious activity.
Market reaction and industry impact
Investors reacted sharply to the disclosure, sending F5 shares down 12%, their largest single-day drop in more than three years.
The decline reflects broader market concerns about cybersecurity exposure—even among companies that specialize in network protection.
Analysts note that breaches at cybersecurity firms can have an outsized reputational impact, undermining confidence in products designed to defend against precisely such attacks.
The timing of the incident, amid rising global cyber tensions and increased scrutiny of Chinese state-backed hackers, could also amplify regulatory and commercial repercussions for F5 in the months ahead.
Despite the immediate selloff, F5 reiterated that it has contained the incident and continues to strengthen its defenses.
The company’s upcoming quarterly filings are expected to provide more details on the operational and financial implications of the breach.
The post F5 shares plunge after disclosing major breach linked to Chinese hackers appeared first on Invezz
