Cybersecurity firm F5's stock sinks 10% after disclosing nation-state hack - CNBC

Skip Navigation Cybersecurity firm F5′s stock sinks 10% after disclosing nation-state hack Livestream CREATE FREE ACCOUNT Markets Business Investing Tech Politics Video Watchlist Investing Club PRO Livestream Menu Key Points Cybersecurity company F5′s stocks dropped 12% after disclosing a system breach by a “highly sophisticated nation-state threat actor.” The attack prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency. The breach was later attributed to state-backed hackers from China, Bloomberg reported, citing people familiar with the matter. In this article FFIVUNCH Follow your favorite stocksCREATE FREE ACCOUNT Pavlo Gonchar | SOPA Images | Lightrocket | Getty Images U.S. cybersecurity company F5 closed down 10% on Thursday after disclosing a system breach in which a “highly sophisticated nation-state threat actor” gained long-term access to some systems. The stock had its worst day since April 27, 2022, when the stock fell 12.8%. The company disclosed the breach in a Securities and Exchange Commission filing on Wednesday and said the hack affected its BIG-IP product development environment. F5 said the attacker infiltrated files containing some source code and information on “undisclosed vulnerabilities” in BIG-IP. The breach was later attributed to state-backed hackers from China, Bloomberg reported, citing people familiar with the matter. F5, which was made aware of the attack in August, said they have not seen evidence of any new unauthorized activity. Read more CNBC tech news Micron revenue almost triples, tops estimates as demand for memory soars Uber to invest up to $1.25 billion in EV maker Rivian in deal to launch 50,000 robotaxis Meta is shutting down VR social platform Horizon Worlds in further pivot away from the metaverse Meta’s Manus launches desktop app to bring its AI agent onto personal devices amid OpenClaw craze “We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities,” F5 said in a statement. The cybersecurity giant told customers that hackers were in the network for at least 12 months and that the breach used a malware called Brickstorm, according to Bloomberg. F5 would not confirm the information. Brickstorm is attributed to a suspected China-nexus threat dubbed UNC5221, Google Threat Intelligence Group said in a blog post. The malware is used for maintaining “long-term stealthy access” and can remain undetected in victim systems for an average of 393 days, according to Mandiant. The attack prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency on Wednesday, telling all agencies using F5 software or products to apply the latest update. “The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies,” CISA Acting Director Madhu Gottumukkala said. “These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems.” The UK’s National Cyber Security Centre also issued guidance for the F5 attack, advising customers to install security updates and continue monitoring for threats. Choose CNBC as your preferred source on Google and never miss a moment from the most trusted name in business news. TRENDING NOW ‘Tax resistance’ gains attention amid ICE protests, Iran war — and IRS penalties could follow I’ve been a neuroscientist for 20 years. I keep my brain strong and healthy by avoiding 6 things Trump threatens to send ICE to airports if DHS shutdown doesn’t end; Musk offers to cover TSA pay U.K. says Iran unsuccessfully targeted British-American Diego Garcia base GLP-1 drugs are changing how Americans eat. Food companies are racing to catch up Sponsored LinksSponsored Links Promoted LinksPromoted Links FROM THE WEB Dermatologist: 2 Mistakes Making Your Eye Bags WorseThe Beauty Insider Undo Kindle lovers are asking: Why didn't I find out about this site sooner?BookBub Learn More Undo This site is now part of Versant. By continuing, you agree to our Terms. You also acknowledge that our updated Privacy Policy applies, including your existing data. For info on your data rights, click “Your Privacy Choices” or see “Your Rights” in our Privacy Policy. We and our partners also use tools on this site to provide the services, personalize your experience, and for analytics, marketing, and advertising. If you previously opted out of selling, sharing, or targeted advertising on this site, you will need to update your Privacy Choice. Your Privacy Choices Continue Residents (or authorized agents) of states listed in the “Your Rights” section of our Privacy Policy: You are opted out of targeted advertising, selling, or sharing, occurring on this site, for this browser and device. We received your election through our toggle or a universal opt-out preference signal. You can change your choice any time. You should also provide the information requested in this Opt-Out Form, which will enable us to take action on your opt-out election more broadly than just this site (e.g., we will be able to stop sharing your email with third parties in order to target you with adverting on other sites and services, like social media platforms, such as social media platforms). Residents (or authorized agents) of states not listed in the “Your Rights” section of our Privacy Policy: If we do not detect that you are in one of the states listed in the “Your Rights” section of our Privacy Policy, we cannot ensure that we will be able to apply your opt out choice, even if you utilize the toggle or we receive your election through your universal opt-out preference signal. Notice of Right to Opt-Out of Sale/Sharing and Targeted Advertising We may collect personal data from and about you through this site for “targeted advertising,” “selling,” or “sharing,” as defined by applicable privacy laws. Some states provide residents (or their authorized agents) with the right to opt out of these practices. See the “Your Rights” section of our Privacy Policy for more info. If you reside in one of these states (or are an authorized agent) you can opt out of targeted advertising, selling, or sharing, occurring on this site by moving the toggle below to the left and clicking “Confirm My Choice.” Your choice through the toggle is specific to this site. If you access other Versant sites and services, you will need to opt out for each. Also, if you clear your cookies on this browser or use another browser or device, you will need to opt out again. You can change your choice any time. In addition to the toggle, you should also provide the information requested in our “Opt-Out Form” (accessible by clicking the “+” below), which will enable us to take action on your opt-out election more broadly than just on this site (e.g., we will be able to stop sharing your email with third parties in order to target you with adverting on other site and services, such as social media platforms). You may also enable where available and provided for under applicable privacy laws, a universal tool that automatically communicates your opt out preference, such as the Global Privacy Control (“GPC”). If detected, we will process your GPC signal as if you had opted out through the toggle. If you opt-out, you may continue to see advertising, including ads that may be based on personal information processed before you opted out. Manage Opt-Out Preferences: Move Toggle to Left and Click “Confirm My Choice” and then Complete Opt-Out Form (accessible by clicking “+” below) Allow Sale of My Personal Info and Sharing/Processing for Targeted Ads Allow Sale of My Personal Info and Sharing/Processing for Targeted Ads Residents (or authorized agents) of states listed in the “Your Rights” section of our Privacy Policy: To opt out of targeted advertising, selling, or sharing occurring on this site for this browser and device, move the toggle to the left and click “Confirm My Choice.” Residents (or authorized agents) of states not listed in the “Your Rights” section of our Privacy Policy: If we do not detect that you are in one of the states listed in the “Your Rights” section of our Privacy Policy, we cannot ensure that we will be able to apply your opt out choice, even if you utilize the toggle. Please note, your choice through the toggle is specific to this site, for this browser and device. If you access other Versant sites and services, you will need to opt out for each. Also, if you clear your cookies on this browser or use another browser or device, you will need to opt out again. You can change your choice any time. If you opt-out, you may continue to see advertising, including ads that may be based on personal data processed before you opted out. Opt-Out Form Always Active You should also provide the info requested in this Opt-Out Form, which will enable us to take action on your opt-out election more broadly than just this site (e.g., we will be able to stop sharing your email with third parties in order to target you with adverting on other sites and services, such as social media platforms). Cookie List Clear checkbox label label Apply Cancel Consent Leg.Interest checkbox label label checkbox label label checkbox label label Confirm My Choice