WASHINGTON, Oct 15 (Reuters) -

U.S. government officials said on Wednesday that federal

networks are being targeted by an unidentified "nation-state

cyber threat actor" that's trying to exploit vulnerabilities in

products made by the cybersecurity company F5.

In a statement, the Cybersecurity and Infrastructure

Security Agency said exploitation of the devices "could allow

the threat actor to move laterally within an organization's

network, exfiltrate sensitive data, and establish persistent

system access, potentially leading to a full compromise of

targeted information systems."

Earlier, F5 said it had detected unauthorized access to

certain company systems by a threat actor, but the breach had no

impact on its operations.

The company discovered the intrusion on August 9 and took

"extensive actions" to contain the threat, engaging external

experts, including CrowdStrike ( CRWD ), Mandiant, NCC Group and

IOActive, to assist with the investigation, it said in a filing

with the U.S. Securities and Exchange Commission.

F5, a provider of cybersecurity and multi-cloud application

services, said the attacker had long-term access to its internal

systems used to develop BIG-IP software and stole files

containing parts of the program's code and details about

security flaws that had not yet been made public.

The company, however, said it found no signs that key

security flaws were used in attacks or that its software

development process had been tampered with.

F5 said information from a few customers was involved in the

breach, and it was reaching out to those affected directly.

The company continues to strengthen its security controls

and infrastructure following the incident, it said, adding that

the U.S. Department of Justice had approved a delay in publicly

disclosing the breach until September 12, citing national

security considerations.