‘It’s been a mess’: Shutdown slows federal F5 hack response

The U.S. government has struggled to contain the fallout from a likely Chinese-instigated breach of application security vendor F5 as furloughs and staffing shortages hinder federal response efforts, said senior cybersecurity officials.

The Cybersecurity and Infrastructure Security Agency warned in an Oct. 15 emergency directive that a nation-state actor breached F5’s internal systems and stole sensitive files – including portions of its BIG-IP source code and details of undisclosed vulnerabilities that could be used to craft custom exploits.

Federal agencies have since scrambled to locate affected devices across federal networks. Research shows more than 680,000 F5 BIG-IP devices were exposed online when the flaw was disclosed – including many linked to U.S. government agencies

Read more at Gov Info Security