U.S. cybersecurity company F5 experienced a significant 12% drop in its stock price on Thursday following the disclosure of a system breach involving a “highly sophisticated nation-state threat actor” that gained long-term access to some of its systems. This marked the company’s worst trading day since April 27, 2022, when shares fell by 12.8%.

The breach was revealed in a Securities and Exchange Commission (SEC) filing on Wednesday. According to the company, the attack targeted its BIG-IP product development environment. The intruder accessed files containing some source code and information on “undisclosed vulnerabilities” within BIG-IP.

Bloomberg, citing sources familiar with the matter, later attributed the breach to state-backed hackers from China. F5, which became aware of the attack in August, stated that there has been no evidence of any new unauthorized activity since then.

In an official statement, F5 emphasized, “We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities.”

The cybersecurity firm informed its customers that the hackers had been present in its network for at least 12 months. The breach reportedly involved malware called Brickstorm, according to Bloomberg, although F5 has not confirmed this information.

Brickstorm is linked to a suspected China-based threat group known as UNC5221, as detailed by Google’s Threat Intelligence Group in a blog post. The malware is designed to maintain “long-term stealthy access” and can remain undetected in victim systems for an average of 393 days, Mandiant reported.

In response to the breach, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on Wednesday, urging all federal agencies using F5 software or products to apply the latest updates immediately.

CISA Acting Director Madhu Gottumukkala commented, “The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies. These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems.”

Similarly, the United Kingdom’s National Cyber Security Centre (NCSC) issued guidance for organizations affected by the F5 attack. The NCSC advised customers to install all security updates promptly and to maintain vigilant monitoring for any signs of ongoing threats.
https://www.cnbc.com/2025/10/16/cybersecurity-f5-stock-hack.html