The U.S. government has issued an urgent warning after multiple federal agencies detected cyberattacks exploiting vulnerabilities in F5 BIG-IP and BIG-IQ devices. According to a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, threat actors are actively leveraging a recently discovered flaw in F5’s networking technology to gain unauthorized access to government networks and critical infrastructure systems.
F5 Flaws Provide Gateway for Attackers
The attacks reportedly take advantage of a remote code execution vulnerability that enables hackers to execute commands and potentially seize control of targeted devices. The flaw affects certain versions of F5’s widely used BIG-IP traffic management systems, which serve as load balancers and application firewalls across enterprise and government environments.
Federal Agencies Urged to Patch Immediately
CISA has directed all federal civilian agencies to apply F5’s latest security patches immediately and isolate any unpatched devices from the internet. The agency emphasized that hackers are exploiting unpatched systems to install backdoors, exfiltrate sensitive data, and move laterally across networks. “These devices are high-value targets because they sit at the edge of networks and control large volumes of traffic,” CISA said in its bulletin.
Suspected State-Sponsored Involvement
While officials did not name a specific threat actor, cybersecurity researchers suspect the activity may be linked to state-sponsored groups from China or Russia, who have a history of exploiting edge network vulnerabilities. Analysts also noted similarities between the latest incidents and past campaigns that leveraged Pulse Secure VPN and Fortinet devices to infiltrate U.S. agencies.
F5 Responds to Security Concerns
In response, F5 Networks released a statement confirming that patches and mitigations are available for all affected products. The company urged users to “follow best practices, restrict management interfaces, and ensure timely software updates.” F5 also noted that it is collaborating with federal authorities and private sector partners to monitor ongoing exploitation attempts.
Growing Threat to Critical Infrastructure
This incident underscores the increasing threat to edge network devices, which have become a favorite target for hackers seeking to bypass traditional security controls. Security experts warn that without immediate patching and network segmentation, the attacks could spread to critical infrastructure operators, financial institutions, and healthcare organizations.