Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks
ID: e417eb15-d179-5ef5-8c67-c1a5bfad2faf
STIX ID: report--e417eb15-d179-5ef5-8c67-c1a5bfad2faf
Feed Name: GBHackers
Microsoft-documented campaign: threat actors exploited an end-of-life F5 BIG-IP VE (v15.1.201000) and a reclassified critical F5 APM RCE (CVE-2025-53521) to gain SSH access and pivot to an internal Atlassian Confluence server. They then used extracted credentials plus a Kerberos/NTLM relay vulnerability (CVE-2025-33073) to achieve domain-level compromise. The report details attacker tooling, hashes and C2 information, notes links to BRICKSTORM/source-code theft, and provides mitigations including retiring EOL appliances, patching, and hardening authentication.
