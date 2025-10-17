Shares in the US cybersecurity group F5 fell 11% on Thursday after the revelation of a sophisticated cyberattack, which Bloomberg says was carried out by hackers linked to the Chinese state. The company confirmed that the attack targeted the development environment of its flagship product, BIG-IP, which is used in many critical systems. Files containing source code and information on undisclosed vulnerabilities were reportedly exfiltrated. F5, which says it discovered the intrusion in August, claims it has not identified any new malicious activity or critical vulnerabilities being exploited.

However, according Bloomberg and Mandiant, the hackers maintained a presence on the network for over a year using malware called Brickstorm, attributed to the UNC5221 group. This software is designed to ensure prolonged and discreet persistence in systems, with an estimated average infection duration of 393 days. Given the seriousness of the situation, the US agency CISA issued an emergency directive requiring all federal agencies using F5 products to immediately apply the latest security updates.

Madhu Gottumukkala, acting director of CISA, called for a rapid response, saying that "the alarming ease of exploiting these vulnerabilities requires immediate and decisive action." The UK's National Cyber Security Centre issued a similar alert. This incident, the most serious for F5 since 2022, comes amid heightened technological tensions between Washington and Beijing and highlights the vulnerability of critical infrastructure to cyberattacks by state entities.