F5 BIG-IP Breach: Nation-State Actors Steal Vulnerabilities and Source Code, 266,000 Instances Exposed

Threat Profile

Description

Nation-state hackers, suspected to be the China-linked threat group UNC5291, breached F5's network and stole undisclosed BIG-IP security vulnerabilities and source code. The attackers were active in F5's network for at least one year. Following the disclosure, the Shadowserver Foundation identified over 266,000 F5 BIG-IP instances exposed online, with nearly half located in the United States. F5 has released patches for 44 vulnerabilities, including those stolen in the breach, and urges immediate updates.

MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application
T1078 - Valid Accounts
T1133 - External Remote Services
T1070 - Indicator Removal
T1059 - Command and Scripting Interpreter
T1505.003 - Web Shell
T1071 - Application Layer Protocol
T1041 - Exfiltration Over C2 Channel

Metadata

Published

7 months ago
