Skip to content
October 19, 2025Cryptopolitan logoCryptopolitan

Chinese-linked hackers infiltrated F5’s systems in late 2023

Hackers linked to China’s state-backed cyber units infiltrated F5’s internal networks in late 2023 and stayed hidden until this August, according to ￰0￱ Seattle-based cybersecurity company admitted in filings that its systems had been compromised for nearly two years, allowing attackers “long-term, persistent access” to its internal ￰1￱ breach reportedly exposed source code, sensitive configuration data, and information about undisclosed software vulnerabilities in its BIG-IP platform, a technology that powers the networks of 85% of Fortune 500 companies and many US federal ￰2￱ hackers broke in through F5’s own software, which had been left exposed online after employees failed to follow internal security ￰3￱ attackers exploited that weak point to enter and roam freely inside systems that should have been locked down.

F5 company told customers that the oversight directly violated the same cyber guidelines the company teaches its clients to ￰4￱ the news broke, F5’s shares fell more than 10% on October 16, wiping out millions in market value. “Since that vulnerability information is out there, everyone using F5 should assume they’re compromised,” said Chris Woods, a former security executive with HP who is now founder of CyberQ Group Ltd., a cybersecurity services firm in the ￰5￱ used F5’s own technology to maintain stealth and control F5 sent customers on Wednesday a threat hunting guide for a type of malware called Brickstorm used by Chinese state-backed hackers, according to Bloomberg.

Mandiant, which was hired by F5, confirmed that Brickstorm allowed hackers to move quietly through VMware virtual machines and deeper ￰6￱ securing their foothold, the intruders stayed inactive for over a year, an old but effective tactic meant to outwait the company’s security log retention period. Logs, which record every digital trace, are often deleted after 12 months to save ￰7￱ those logs were gone, the hackers reactivated and pulled data from BIG-IP, including source code and vulnerability reports. F5 said that while some customer data was accessed, it has no real evidence that hackers changed its source code or used the stolen information to exploit clients.

F5’s BIG-IP platform handles load balancing and network security, routing digital traffic and shielding systems from ￰8￱ and UK governments issue emergency warnings The US Cybersecurity and Infrastructure Security Agency (CISA) called the incident a “significant cyber threat targeting federal networks.” In an emergency directive issued on Wednesday, CISA ordered all federal agencies to identify and update their F5 products by October ￰9￱ UK’s National Cyber Security Centre also issued an alert about the breach on Wednesday, warning that hackers could use their access to F5 systems to exploit the company’s technology and to identify additional ￰10￱ the disclosure, F5 CEO Francois Locoh-Donou held briefings with customers to explain the scope of the ￰11￱ confirmed that the company had called in CrowdStrike and Google’s Mandiant to assist alongside law enforcement and government ￰12￱ familiar with the probe allegedly told Bloomberg that the Chinese government was behind the ￰13￱ a Chinese spokesperson dismissed the accusation as “groundless and made without evidence.” Ilia Rabinovich, Sygnia’s vice president of cybersecurity consulting, said that in the case Sygnia disclosed last year, hackers hid inside F5’s appliances and used them as a “command and control” base to infiltrate victim networks undetected.

“There is a potential for it to evolve into something that is massive, because numerous organizations deploy those devices,” he ￰14￱ your free seat in an exclusive crypto trading community - limited to 1,000 members.

Cryptopolitan logo
Cryptopolitan

Latest news and analysis from Cryptopolitan

Investors Pile In After Bitcoin’s Decline — Here’s What It Could Mean

Investors Pile In After Bitcoin’s Decline — Here’s What It Could Mean

Following the flash crash of last week, the Bitcoin price has once again sunk to similar depths, albeit in a more steady price correction. Notably, the leading cryptocurrency dipped below $105,000 on ...

NewsBTC logoNewsBTC
1 min
It now takes 116 hours of minimum wage work to buy an ounce of gold, highest in more than 100 years

It now takes 116 hours of minimum wage work to buy an ounce of gold, highest in more than 100 years

Gold has made every other asset on earth its dog throughout this year, rallying too hard that it now takes 116 hours of minimum wage work to buy one ounce of the precious metal in America, the highest...

Cryptopolitan logoCryptopolitan
1 min
Bitcoin Near $105K Support — Traders Expect a Sharp 40% Relief Rally Before Year-End

Bitcoin Near $105K Support — Traders Expect a Sharp 40% Relief Rally Before Year-End

Bitcoin’s correction appears to be stabilizing as BTC holds firm near the $105,000 support level , a critical zone that has historically acted as a launchpad for mid-cycle recoveries. Market analysts ...

BitcoinSistemi logoBitcoinSistemi
1 min