F5 Inc. disclosed a cybersecurity incident involving “unauthorized access to certain Company systems,” stating in its SEC Form 8-K. “The Company promptly activated its incident response processes, and has taken extensive actions to contain the threat actor,” the filing said.
The company further reported, “The investigation, monitoring, and related activities are ongoing,” and affirmed it is “actively engaged with federal law enforcement and government partners in connection with this incident”.
Bloomberg, citing people familiar with the matter, reported U.S. officials suspect a China-based campaign targeting infrastructure providers. F5 did not attribute the intrusion in its filing.
In response, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, directing federal agencies to apply available updates and restrict network access to affected F5 BIG-IP and BIG-IQ devices.
