F5 Breach: Nation-State Actors Steal Source Code and Customer Data — Federal Agencies on Alert
In summer 2025, a sophisticated nation-state actor gained persistent access to F5’s internal systems and exfiltrated internal files, including source code and sensitive customer data for widely used BIG-IP products. F5 discovered the compromise on August 9, 2025, and the incident was escalated to U.S. authorities after F5 disclosed it in an SEC filing. CISA issued emergency guidance because the breach represents an elevated supply-chain risk for federal and enterprise customers that use F5 appliances and services. (Axios)
Why it matters: BIG-IP appliances perform load balancing, application delivery, and traffic inspection. Code and configuration data from these products can accelerate attackers’ ability to craft reliable exploits and pivot into customer environments, making this both a supply-chain and national-security incident. Agencies and organizations using F5 have been advised to assume potential compromise and apply vendor guidance and mitigations immediately. (Cybersecurity Dive)
What happened technically (summary): attackers achieved long-term footholds in F5 systems, located and exfiltrated sensitive artifacts, and avoided quick detection, enabling a window for weaponization against downstream targets. U.S. officials have described the actor as “highly sophisticated”; public attribution statements remain limited. (Axios)
References & sources: F5 SEC disclosure reporting the intrusion; CISA and reporting from Cybersecurity Dive and Axios.