The F5 BIG-IP Source Code Breach
嗯,用户让我用中文总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章,抓住主要信息。 文章讲的是F5公司在8月9日发现多个系统被一个高度复杂的国家级威胁行为者入侵。这些系统包括BIG-IP产品开发环境和工程知识管理平台。攻击者窃取了部分源代码和未公开的漏洞信息。 接下来,F5提到虽然入侵在8月初被发现,但直到10月15日才公开披露,是因为美国司法部的要求。美国CISA还发布紧急指令,要求机构清点所有F5产品并检查网络访问。 F5强调目前没有发现新的未经授权访问、关键漏洞泄露、供应链篡改或零日利用的证据。建议用户应用所有更新,并采取预防措施如清点产品、更新应急响应政策等。 总结时要简洁明了,涵盖入侵事件、受影响系统、披露延迟原因、CISA指令以及F5的建议。确保不超过100字。 </think> F5公司于8月9日发现其多个系统遭高度复杂国家级威胁行为者入侵,包括BIG-IP开发环境和工程知识管理平台。攻击者窃取了部分源代码和未公开漏洞信息。F5强调未发现新未经授权访问或关键漏洞泄露,并建议用户应用更新及采取预防措施。 2025-10-17 16:29:25 Author: www.trustwave.com(查看原文) 阅读量:14 收藏

1 Minute Read

On August 9, F5 discovered that multiple systems were compromised by what it is calling a "highly sophisticated nation-state threat actor" who maintained "long-term, persistent access to certain F5 systems". These included the BIG-IP product development environment and engineering knowledge management platform. That access allowed for the exfiltration of portions of F5's BIG-IP source code as well as information about undisclosed BIG-IP vulnerabilities F5 was working on.

F5 did not discuss the length of the dwell time the threat actors maintained, or how long containment took. However, F5 notes several important facts:

  • It has not seen any new unauthorized access or returning actors since they initiated containment.
  • There were no undisclosed critical or RCE vulnerabilities leaked.
  • There is no evidence of modified source code or to their software supply chain.
  • There is no evidence of Zero-Day exploitation (a risk due to the leaked source code).

While this compromise was discovered in early August, it wasn't publicly disclosed until October 15. F5 said the delay was requested by the US DOJ. Also, US CISA issued an emergency directive requiring agencies to inventory all F5 products as well as their current network access.

F5 users are recommended to apply any and all current updates. It's also important to note that this incident only represents potential risk. Exploitation would require the threat actors to discover a vulnerability in the source code, weaponize it, and then exploit it. Until or if that occurs, no indicators of compromise (IoCs) will be available.

To properly prepare to that potential circumstance, we recommend that organizations:

  • Inventory all F5 products, ensure they are patched, and not accessible from the public Internet.
  • Revisit your incident response policies to make sure they are current and have been recently practiced.
  • Monitor F5 news for any mention of exploit code or Proof of Concept code. You may want to set up keyword alerts in Google and your Social Networks for this.
  • Log and monitor all access to and from your F5 products for anomalous behavior.

Trustwave SpiderLabs will continue to monitor this situation for any new developments.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave, A LevelBlue Company.


文章来源: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-f5-big-ip-source-code-breach/
如有侵权请联系:admin#unsafe.sh