INTELLIGENCE BRIEF
F5 BIG-IP Breach: OT Boundary Risk
On 15 October 2025, F5 released a security advisory stating that the organization had discovered that a likely state-sponsored adversary had established and maintained long-term, persistent, unauthorized access to the F5 BIG-IP product development environment and engineering knowledge management platforms.
According to the F5 statement, the adversary also exfiltrated files containing source code and undisclosed vulnerabilities. Dragos telemetry data confirmed the presence of F5 systems within the networks of industrial organizations, indicating a risk of lateral movement into operational technology (OT) networks as a result of the breach of F5.

This intelligence brief translates the F5 BIG-IP breach into concrete actions for OT/ICS networks. It covers why boundary devices matter, what this means for remote access to substations and plants, and the immediate steps to harden your OT/ICS environment. Backed by Dragos threat intelligence and telemetry, it includes recommendations mapped to the Five Critical Controls, plus practical, in-platform guidance for Dragos customers.
