Cyber Alert: F5 Security Incident and BIG-IP Exfiltration

Kopiha Nathan
Decorative imagery for cyber alert notices - a figure sitting atop a laptop with a lock next to it.

Attention HIROC Subscribers:

As your proactive partner in safety, HIROC is sharing the following important notice.

Please share this Alert with your Information Technology (IT) team, Information Security Management team, Chief Information Officer, and Chief Technology Officer and, as appropriate, with your users, to raise awareness about a potential cyber threat and to address potential risks promptly.


The purpose of this Alert is to raise awareness about a recently-reported F5 security incident, its potential impact on certain F5 systems, and the measures that can be taken to reduce exposure. HIROC recognizes that third-party technology risks continue to be a source of concern for our Subscribers. We encourage you to review your environments and take the recommended precautions.

HIROC has become aware of the F5 security incident K000154696, published on October 15, 2025, which reported that a highly sophisticated nation-state threat actor maintained long-term, persistent access to certain F5 systems, including the BIG-IP product development environment, engineering knowledge management platforms, and configuration or implementation information for a small percentage of customers.

F5 has confirmed that files were exfiltrated from these systems. While there are no known active exploits of undisclosed F5 vulnerabilities currently, the incident underscores the importance of assessing your F5 assets and mitigating potential exposure.

Additionally, HIROC recommends the following for our Subscribers:

We are here for you!

In the event of a cyber loss, please contact HIROC’s Claims Department at [email protected].

For Healthcare Safety and Risk Management resources and advice, please contact [email protected].

If you have any questions about this Alert, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer at [email protected].

Thank you for your vigilance and attention to this matter.

References