F5, an application security company, reported a sophisticated cyberattack connected to a nation-state actor. The company first detected unauthorized access on August 9 and initiated incident response measures. Following a DOJ authorization, details of the breach were withheld due to potential risks to national security. Investigations revealed that the intruder had prolonged access to certain systems, leading to the exfiltration of sensitive files, including segments of the BIG-IP source code. However, independent reviews found no alteration of the software supply chain or critical vulnerabilities associated with the breach.
F5 has since implemented measures to strengthen their defenses, including rotating credentials and enhancing access controls across their systems. The cyberattack did not materially affect daily operations, and ongoing assessments are being made concerning financial impacts. They released updates for their software and encouraged customers to strengthen their security practices. F5 has been collaborating with multiple cybersecurity firms to bolster their response and recovery efforts, emphasizing the importance of trust and transparency in addressing the incident.
👉 Pročitaj original: CyberScoop
