Pavlo Gonchar | SOPA images | Light rocket | Getty Images
American cybersecurity company Q5 closed down 10% on Thursday after uncovering a systems breach in which a “sophisticated nation-state threat actor” gained long-term access to some systems.
The stock had its worst day since April 27, 2022, when shares fell 12.8%.
The company disclosed the breach in a Securities and Exchange Commission filing on Wednesday and said the hack affected its BIG-IP product development environment. F5 said the attacker infiltrated files containing source code and information about “unknown vulnerabilities” in BIG-IP.
The breach was later attributed to state-backed hackers from China. Bloomberg reported, citing people familiar with the matter.
F5, which was alerted to the attack in August, said it had seen no evidence of new unauthorized activity.
“We are not aware of any undisclosed critical or remote code vulnerabilities, nor are we aware of any active exploitation of undisclosed F5 vulnerabilities,” F5 said in a statement opinion.
According to Bloomberg, the cybersecurity giant told customers that hackers had been on the network for at least 12 months and that the breach used malware called Brickstorm.
F5 would not confirm the information.
Brickstorm is attributed to a suspected threat from the China nexus UNC5221said the Google Threat Intelligence Group in a blog post. The malware is used to maintain “long-term stealthy access” and is said to be able to remain undetected in victims’ systems for an average of 393 days Mandiant.
The attack sparked one Emergency Policy from the Cybersecurity and Infrastructure Security Agency on Wednesday, urging all agencies using F5 software or products to apply the latest update.
“The alarming ease with which these vulnerabilities can be exploited by malicious actors requires immediate and decisive action by all federal agencies,” said Madhu Gottumukkala, acting director of CISA. “The same risks apply to any organization using this technology and could potentially lead to catastrophic compromise of critical information systems.”
Also the British National Cyber
