U.S. cybersecurity company F5 fell 12% on Thursday after disclosing a system breach in which a “highly sophisticated nation-state threat actor” gained long-term access to some systems.

F5 shares were pacing for the worst day since April 27, 2022, when the stock fell 12.8%.

The company disclosed the breach in a Securities and Exchange Commission filing on Wednesday and said the hack affected its BIG-IP product development environment. F5 said the attacker infiltrated files containing some source code and information on “undisclosed vulnerabilities” in BIG-IP.

The breach was later attributed to state-backed hackers from China, Bloomberg reported, citing people familiar with the matter.

F5, which was made aware of the attack in August, said they have not seen evidence of any new unauthorized activity.

“We have no knowledge of undisclosed critical or remote code vulnerabilities, and we are not aware of active exploitation of any undisclosed F5 vulnerabilities,” F5 said in a statement.

The cybersecurity giant told customers that hackers were in the network for at least 12 months and that the breach used a malware called Brickstorm, according to Bloomberg.

F5 would not confirm the information.

Brickstorm is attributed to a suspected China-nexus threat dubbed UNC5221, Google Threat Intelligence Group said in a blog post. The malware is used for maintaining “long-term stealthy access” and can remain undetected in victim systems for an average of 393 days, according to Mandiant.

The attack prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency on Wednesday, telling all agencies using F5 software or products to apply the latest update.

“The alarming ease with which these vulnerabilities can be exploited by malicious actors demands immediate and decisive action from all federal agencies,” CISA Acting Director Madhu Gottumukkala said. “These same risks extend to any organization using this technology, potentially leading to a catastrophic compromise of critical information systems.”

The UK’s National Cyber Security Centre also issued guidance for the F5 attack, advising customers to install security updates and continue monitoring for threats.