Chinese-linked hackers breached F5 networks for months, U.S. and U.K. issue warnings

[F5 Networks corporate headquarters in Silicon Valley]
Sundry Photography/iStock Editorial via Getty Images

State-sponsored hackers believed to be linked to China infiltrated systems at cybersecurity firm F5 (NASDAQ:FFIV [https://seekingalpha.com/symbol/FFIV]) in late 2023 and remained undetected for months until their discovery in August 2025, Bloomberg News reported Saturday, citing people briefed on the investigation.

The attackers reportedly exploited a flaw in F5’s (NASDAQ:FFIV [https://seekingalpha.com/symbol/FFIV]) own software that had been left exposed online after company staff failed to follow internal security guidelines. Once inside, they gained long-term access to the network, downloading files from F5’s (FFIV [https://seekingalpha.com/symbol/FFIV]) BIG-IP application suite, including portions of source code and data on unpatched vulnerabilities.

F5 (FFIV [https://seekingalpha.com/symbol/FFIV]) disclosed the breach in a regulatory filing, describing it as a “persistent” intrusion. The company’s shares fell more than 10% following the announcement.

Security officials said the hackers deployed Brickstorm, a type of malware associated with a Chinese threat group known for stealthy, long-term access to technology and legal service providers. F5 has since brought in CrowdStrike (CRWD [https://seekingalpha.com/symbol/CRWD]), Google’s (GOOG [https://seekingalpha.com/symbol/GOOG]) (GOOGL [https://seekingalpha.com/symbol/GOOGL]) Mandiant and law enforcement to assist with the investigation.

Authorities in the U.S. and U.K. issued alerts urging organizations to update F5 (FFIV [https://seekingalpha.com/symbol/FFIV]) products by October 22, warning that the breach could allow attackers to manipulate or disrupt traffic handled by BIG-IP systems, used by 85% of Fortune 500 companies and multiple government agencies.

F5 (FFIV [https://seekingalpha.com/symbol/FFIV]) said only a small number of customers were affected and that it has seen no signs of active exploitation or tampering with its source code, Bloomberg News reported.

MORE ON F5 NETWORKS

* F5, Inc.: Great Business, Stretched Valuation [https://seekingalpha.com/article/4825501-f5-inc-great-business-stretched-valuation]
* F5, Inc. (FFIV) Q3 2025 Earnings Call Transcript [https://seekingalpha.com/article/4806483-f5-inc-ffiv-q3-2025-earnings-call-transcript]
* F5, Inc. (FFIV) Presents At Goldman Sachs Communacopia + Technology Conference (Transcript) [https://seekingalpha.com/article/4821181-f5-inc-ffiv-presents-at-goldman-sachs-communacopia-technology-conference-2025-transcript]
* Weekly Tech Check: AI strength boosts ON Semi and Micron; HPE drags on cautious outlook [https://seekingalpha.com/news/4505398-weekly-tech-check-ai-strength-boosts-on-semi-and-micron-hpe-drags-on-cautious-outlook]
* F5 (FFIV) discloses cyberattack linked to nation-state threat actor [https://seekingalpha.com/news/4504281-f5-ffiv-discloses-cyberattack-linked-to-nation-state-threat-actor]