Yazılar

US cybersecurity firm F5 breach linked to Chinese state-backed hackers, sources say

/in /tarafından

A breach at U.S.-based cybersecurity company F5 has been attributed to state-backed hackers from China, according to two people familiar with the investigation. The revelation comes a day after U.S. officials warned that federal networks using F5 products were being targeted by a “nation-state cyber threat actor.”

Sources told Reuters that the hackers had been inside F5’s network for over a year, gaining access to sensitive files, including parts of the company’s source code and details about vulnerabilities that could be exploited to attack government and corporate systems.

The Cybersecurity and Infrastructure Security Agency (CISA) said the breach posed an imminent threat to U.S. federal networks and urged immediate patching and updates to F5 devices. Acting Director Madhu Gottumukkala warned that the same vulnerabilities could lead to “a catastrophic compromise of critical information systems” across sectors.

F5, which provides security and networking products to both public and private clients, has not commented on the attribution. The company previously confirmed unauthorized access to some internal systems but said its operations were unaffected.

Responding to the allegation, Chinese Embassy spokesperson Liu Pengyu said Beijing “opposes and combats hacking activities in accordance with the law” and criticized what it called “false information for political purposes.”

U.S. investigators are continuing to assess the full scope of the breach, which highlights the persistent cybersecurity risks facing key technology providers in both government and industry supply chains.

U.S. Investigates Malware Email Linked to China Targeting Trade Talks

/in /tarafından

U.S. authorities are probing a malware-laden email disguised as coming from Republican Representative John Moolenaar, aimed at infiltrating organizations connected to U.S.-China trade negotiations, the Wall Street Journal reported Sunday.

The July email was sent to trade groups, law firms, and government agencies, asking recipients to review draft legislation. Cyber analysts traced the malware to APT41, a hacking group widely believed to be linked to Chinese intelligence. Opening the attachment would have given hackers deep access to the targets’ systems.

Moolenaar, a vocal critic of Beijing and chair of a congressional committee on U.S.-China competition, said the incident was “another example of Chinese cyber operations aimed at stealing U.S. strategy,” adding: “We will not be intimidated.”

The attack coincided with sensitive trade talks in Sweden, which temporarily extended a tariff truce between Donald Trump and Xi Jinping until their expected November meeting at an Asian economic summit.

The Chinese embassy in Washington denied knowledge of the incident, stressing opposition to all cyberattacks while warning against “smearing others without solid evidence.”

The FBI confirmed it is working with partners to track those responsible. Meanwhile, the Capitol Police are investigating after staff on Moolenaar’s committee noticed unusual inquiries about the fake message.

The episode adds to mounting evidence of Beijing-linked cyber campaigns targeting U.S. institutions to gain insight into trade and national security deliberations.

Hacker Breach of TeleMessage Exposes Communications Across U.S. Government

/in /tarafından

A hacker who breached TeleMessage, a secure communications platform used by U.S. officials — including former Trump national security adviser Mike Waltz — accessed a broad range of messages from multiple government agencies, according to a Reuters investigation. The breach has significantly expanded the scope of concern over data security in the Trump administration and beyond.

The leaked data, obtained by nonprofit transparency group Distributed Denial of Secrets, revealed intercepted communications involving over 60 unique U.S. government users, including:

  • Disaster responders

  • Customs and Border Protection officials

  • U.S. diplomats

  • Secret Service members

  • A White House staffer

  • FEMA and financial sector personnel

The messages, spanning a roughly 24-hour period ending May 4, included discussions related to travel logistics for senior U.S. officials, such as a group labeled “POTUS | ROME-VATICAN | PRESS GC,” likely linked to preparations for a presidential visit. Another appeared to discuss a trip to Jordan involving U.S. personnel.

While Reuters did not identify any classified or overtly sensitive information, experts caution that the metadata alone — including who was talking to whom, when, and in what context — poses a serious counterintelligence risk.

“Even if you don’t have the content, that is a top-tier intelligence access,” said Jake Williams, a former NSA cyber expert, now at Hunter Strategy.

Waltz and Previous Signal Controversy

The breach of TeleMessage, which modifies secure apps like Signal to meet federal archiving requirements, drew attention after Mike Waltz was photographed using the platform during a Cabinet meeting on April 30. While no messages directly linked to Waltz have surfaced in the leak, his previous misuse of Signal — including inadvertently adding a journalist to a chat discussing real-time air raids on Yemen — led to his removal as national security adviser. He was later nominated to serve as U.S. ambassador to the United Nations.

Unclear Scope, Ongoing Investigations

The extent of the breach remains under investigation. The platform, owned by Smarsh, a Portland, Oregon-based digital communications firm, was taken offline on May 5 “out of an abundance of caution.” Smarsh has not responded to media inquiries.

Affected agencies include:

  • Department of Homeland Security

  • State Department

  • Centers for Disease Control and Prevention (CDC)

  • Federal Emergency Management Agency (FEMA)

  • Customs and Border Protection (CBP)

While some agencies downplayed the risk or claimed no confirmed compromise, others are still conducting internal reviews. The Cybersecurity and Infrastructure Security Agency (CISA) has since advised all users to cease use of the platform unless further mitigation steps are provided.

Key Questions Unanswered

Neither Waltz nor the White House has publicly addressed how or why TeleMessage was used or whether any guidelines were breached. The use of such platforms — designed to balance privacy, security, and legal compliance — now faces renewed scrutiny amid the apparent ease with which the hacker penetrated multiple layers of sensitive communications.

The incident adds to a growing list of cyber breaches targeting U.S. institutions in recent years, raising alarm about the resilience of federal communications systems in a time of heightened geopolitical risk and digital espionage.