F5 Networks reports major nation-state breach, BIG-IP source code and vulnerability data stolen

F5 Networks reports on August 9, 2025, that a China-nexus nation-state group (UNC5221) breached and maintained persistent access to their systems for at least 12 months, stealing BIG-IP source code, vulnerability information, and customer configurations. CISA issued Emergency Directive ED 26-01 ordering federal agencies to secure and patch F5 systems by October 22 due to "imminent threat" and potentially "catastrophic" consequences. F5 released patches for 44 vulnerabilities.

BeyondMachines

@beyondmachines1 before you patch your F5 stuff, extract all forensic information you can!

For any F5 system you have, contact your vendor and press them to give you direct access and ways to gather evidence for yourself.

Also collect any and all logs and other forensic evidence from devices directly reachable from any F5 stuff you have.

These are hard-earned lessons, people.

Slow down before you speed up, or your containment and eradication phases will be insufficient or even useless.

#ioc #cybersecurity #infosec #dfir #bigip #f5 #f5networks