More than 261,000 F5 BIG-IP instances connected to the internet could be at risk of cyberattacks following the recent cyberattack suffered by the company, experts have warned. Of these, over 140,000 instances are in North America, over 58,000 are in Europe, and over 47,000 are in Asia.
“In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from certain F5 systems”, reads the company’s statement. “Threat actor exfiltrated files from our BIG-IP product development environment and engineering knowledge management platforms. These files contained some of our BIG-IP source code and information about undisclosed vulnerabilities we were working on in BIG-IP.”
The company has taken several steps to remediate the issue:
Rotated credentials and strengthened access controls across our systems.
Deployed improved inventory and patch management automation, as well as additional tooling to better monitor, detect, and respond to threats.
Implemented enhancements to F5’s network security architecture.
Hardened F5’s product development environment, including strengthening security controls and monitoring of all software development platforms.
Released updates for its BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients.
Read more about it here.