WASHINGTON (Reuters) -U.S. government officials said on Wednesday that federal networks are being targeted by an unidentified “nation-state cyber threat actor” that’s trying to exploit vulnerabilities in products made by the cybersecurity company F5. In a statement, the Cybersecurity and Infrastructure Security Agency said exploitation of the devices “could allow the threat actor to move […]
Science
US says ‘significant cyber threat’ hitting federal networks using F5 devices
Audio By Carbonatix
WASHINGTON (Reuters) -U.S. government officials said on Wednesday that federal networks are being targeted by an unidentified “nation-state cyber threat actor” that’s trying to exploit vulnerabilities in products made by the cybersecurity company F5.
In a statement, the Cybersecurity and Infrastructure Security Agency said exploitation of the devices “could allow the threat actor to move laterally within an organization’s network, exfiltrate sensitive data, and establish persistent system access, potentially leading to a full compromise of targeted information systems.”
Earlier, F5Â said it had detected unauthorized access to certain company systems by a threat actor, but the breach had no impact on its operations.
The company discovered the intrusion on August 9 and took “extensive actions” to contain the threat, engaging external experts, including CrowdStrike, Mandiant, NCC Group and IOActive, to assist with the investigation, it said in a filing with the U.S. Securities and Exchange Commission.
F5, a provider of cybersecurity and multi-cloud application services, said the attacker had long-term access to its internal systems used to develop BIG-IP software and stole files containing parts of the program’s code and details about security flaws that had not yet been made public.
The company, however, said it found no signs that key security flaws were used in attacks or that its software development process had been tampered with.
F5 said information from a few customers was involved in the breach, and it was reaching out to those affected directly.
The company continues to strengthen its security controls and infrastructure following the incident, it said, adding that the U.S. Department of Justice had approved a delay in publicly disclosing the breach until September 12, citing national security considerations.
(Reporting by Akash Sriram in Bengaluru and Raphael Satter in Washington; Editing by Shilpi Majumdar and David Gregorio)