Thread regarding F5 Networks Inc. layoffs

so how did we get hacked?

Cyber: F5 experienced the same breach in March 2021. In Nov 2021 they announced they’re doubling their India staff which is now 20% of their headcount.

The WFH engineering is entirely in India. Only pre-sales and service engineers in US. None of these cyber SME’s will investigate India or the Beijing operations but I bet they’ll find a previously unknown vulnerability.

BTW India outlaws VPNs and these dudes WFH on Huawei networks. What happens to encrypted data traveling through China where encryption is illegal? Good question - cryptologists don’t seem to know. Bet they had anonymous security groups and no one checked logs so they didn’t even know. 95% of breaches involve insiders - negligence or intentional theft. I call it the offshore 401K.

#Breach #Cybersecurity #WFH #Offshore
by Anonymous
| 1851 views | | 8 replies (last October 18) | Reply
Post ID: @OP+1k7qb2e1v
Comment! It's anonymous!

8 replies (most recent on top)

Sorry but it’s hard to feel an ounce of surprise or remorse after the way the company has been diving (look at this timeline, many of the best and brightest/ most security-conscious were punted. This is what happens when you continually dismantle something awesome for profit. (Microcosm of the greater societal dilemma truly)

by YoursTrulyGetEffed
| | Reply
Post ID: @ja+1k7qb2e1v

@e0 cheap engineers, expensive executives

by Anonymous
| | Reply
Post ID: @e6+1k7qb2e1v

@OP F5 no longer employ's the best engineers - just the cheapest.

by Anonymous
| | Reply
Post ID: @e0+1k7qb2e1v

@OP Profit driven over excellence driven

by Anonymous
| | Reply
Post ID: @ds+1k7qb2e1v

@a1 note the hiring is for 3 managers and 2 doing real work....

Gotta love F5.

go figure...

by Anonymous
| | Reply
Post ID: @an+1k7qb2e1v

@OP The timeline underscores the stealth and patience of the adversary and the urgency of the current situation.

The Intrusion (2024 – Mid-2025):

For at least a year, UNC5221 operated undetected within F5’s development environment. What made this intrusion last so long wasn’t sophistication alone—it was familiarity. The attackers understood how defenders think, where they rarely look, and used that knowledge to vanish in plain sight.

The Discovery (Late Summer 2025): F5 became aware of the intrusion, triggering a confidential investigation. The U.S. Department of Justice authorized a delay in public disclosure due to a substantial risk to national security, a fact confirmed in F5’s SEC filing.

The Public Alert (October 15, 2025): CISA issued its Emergency Directive, making the threat public and mandating immediate action for federal agencies.
This timeline confirms the breach is not over. For F5’s customers, the period of highest risk is just beginning.

https://resources.blackkite.com/blog/nightmare-on-f5-street-deconstructing-the-f5-breach-and-its-systemic-supply-chain-risk/

by Anonymous
| | Reply
Post ID: @aa+1k7qb2e1v

@OP AI Overview
India does not have a nationwide VPN ban, but it requires VPN services to log and store user data, which many providers refuse to do due to privacy concerns. While using a VPN is not illegal, and some local and "virtual" servers are allowed, the government's data retention laws have forced some companies to remove physical servers from India and have led to local app store bans. Some specific instances have occurred, such as a temporary ban in a particular district of Jammu and Kashmir due to security concerns.

Big Brother at work in India. Now why did F5 want to open engineering there? Stupid stupid stupid...

by Anonymous
| | Reply
Post ID: @a7+1k7qb2e1v

Their WFH engineering org is in India. 2 weeks ago they posted for Risk Mgr, DevSec Engineer, IT Audit Mgr, IT Auditor, and SOX Compliance Mgr which presumes they had no one in these roles. This suggests this attack was due to negligence of those in India on Huawei networks in which outlaws VPN.

by Anonymous
| | Reply
Post ID: @a1+1k7qb2e1v

Post a reply

: