7 min read

F5 Inc., a U.S. cybersecurity provider, disclosed a breach attributed to China-backed hackers. The company confirmed that the intruders had deep internal access and stole sensitive files and portions of source code.
Experts have warned that the breach could have far-reaching consequences because F5’s technology is so widely used. The hackers reportedly had access to F5’s systems for at least a year before detection.
This long-term breach gave them plenty of time to study the company’s code and tools that protect Fortune 500 firms and federal agencies. The discovery has now triggered urgent alerts from both U.S. and U.K. cybersecurity authorities.

Investigators found that the hackers remained inside F5’s network for around 12 months before being discovered. That means they had an entire year to move quietly through the system, copying code and gathering data without setting off alarms.
The hackers’ long-term access suggests advanced skills and strong resources, making it likely this was a nation-backed operation. F5’s CEO is now personally briefing customers about what was taken and how it could affect their systems.

Sources familiar with the investigation said the attack was traced to a state-backed hacking group in China. This link has raised alarms in Washington and London, as F5’s technology protects sensitive government networks and corporate systems worldwide.
Beijing quickly responded, calling the accusation “groundless” and politically motivated. China’s Foreign Ministry said it opposes all forms of hacking and warned against spreading disinformation. The international tension highlights how cybersecurity breaches often spill into diplomacy.

F5’s BIG-IP products are key tools in keeping the internet running smoothly. They handle tasks like “load balancing,” which helps distribute traffic so websites and apps stay fast and stable. They also include built-in security features such as firewalls and access controls.
That’s why this breach is such a big deal. BIG-IP is used by government agencies and top global companies. Any compromise in that system could expose networks that rely on it for safety and performance.

The attackers didn’t just steal files; they took parts of F5’s source code. That code reveals exactly how the company’s software works and what vulnerabilities might exist inside. Cybersecurity experts fear the hackers could use it to break into networks that depend on F5 tools.
By understanding the inner workings of the code, hackers can create new ways to bypass security or hide malicious activity. This makes the stolen data especially valuable for spying or cyberwarfare.

The malware used in the attack, called Brickstorm, is tied to a China-linked hacking team that’s been active since 2023. Google’s Mandiant team tracks this group as “UNC5221,” describing it as an espionage actor targeting global tech providers.
These hackers often steal source code from major companies to find weaknesses that can be reused to infiltrate their customers’ systems. It’s a method designed not just to steal data but to gain control over larger networks through backdoors.

Following the breach, F5 sent its customers a “threat hunting” guide explaining how to detect and remove Brickstorm malware. The guide walks users through specific signs of infection and how to secure affected systems.
This step was critical since many F5 clients depend on the company for protecting sensitive infrastructure. The guide’s release also signals how serious F5 believes the breach is, especially for federal and Fortune 500 networks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) quickly issued an emergency directive after the breach was disclosed. It labeled the incident a “significant cyber threat” and warned federal agencies using F5 products to act immediately.
The directive requires all federal networks to update F5 technology by October 22. CISA officials said the vulnerabilities could allow hackers to steal credentials, move through internal systems, and compromise entire networks if not patched quickly.

The United Kingdom’s National Cyber Security Centre also released a public alert about the F5 breach. It advised British companies and government departments to check all their F5 systems for possible signs of compromise.
The agency urged users to assess every product, report suspicious activity, and install updates immediately. The U.K. warning reflected growing global anxiety that F5’s tools could become a gateway for wider cyberattacks.

Because F5 devices are deeply embedded in government networks, any breach poses serious risks. Attackers could exploit vulnerabilities to steal credentials, view classified communications, or disrupt essential public services.
Officials warned that even a small oversight could allow hackers to move laterally across systems, reaching critical data stores. It’s a reminder of how one company’s breach can ripple through multiple layers of national infrastructure.

China’s government has rejected accusations that it was involved in the breach, calling them “baseless.” Officials said Beijing firmly opposes cyberattacks and enforces laws against them.
This kind of denial is common in major state-linked hacking cases. Even so, experts note that the U.S. and its allies have repeatedly tied large-scale espionage campaigns to Chinese groups over the past few years.

The F5 breach shows how even cybersecurity firms, which are supposed to prevent hacks, can be vulnerable themselves. Hackers often target these companies because their tools grant access to many other systems.
When a provider like F5 is compromised, the potential fallout expands far beyond one company. It can expose data from banks, hospitals, and federal departments that rely on those security products daily.

CISA’s acting director warned that these vulnerabilities can be exploited “with alarming ease.” He said both government agencies and private companies must act fast to prevent wider damage.
The fear isn’t just about stolen code but about trust. Once hackers understand how a product’s security works, it can take months or even years to rebuild confidence and fully secure the technology again.

This breach serves as a wake-up call about how interconnected modern systems have become. A single weak point in one company’s code can open doors for attackers across multiple industries.
Experts say better transparency, quicker patching, and continuous monitoring are key to preventing future incidents. The F5 case might push governments and tech firms to rethink how they share information about threats.

The F5 hack isn’t just another data breach. It’s a sign of how global cyber tensions are evolving, where tech infrastructure itself becomes a battlefield. The incident has shown that even the strongest defenses can fall when attackers have time, skill, and backing.
This could reshape how nations approach cybersecurity cooperation and response. If one breach can reach so far, it’s a clear reminder that the next big threat might already be inside the system.
This slideshow was made with AI assistance and human editing.
Dan Mitchell has been in the computer industry for more than 25 years, getting started with computers at age 7 on an Apple II.