Major cybersecurity firm FireEye has been hit by a cyberattack, with hackers stealing its attack test tools in a targeted heist, the company said in a blog post on Tuesday. It is not clear exactly when the hack initially took place.
FireEye, one of the largest cybersecurity companies in the US, said on Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole tools it uses to test the defences of its thousands of customers, who include federal, state and local governments and major global corporations.
Many consider it possible that Russian intelligence agencies carried out this hack, even though that is not official yet. It is assumed that while Americans' attention (including FireEye's) was mostly focused on securing the presidential election system, the Russian intelligence agencies took advantage of this to build up the attack.
At a time when the country's public and private intelligence systems were discovering violations of the voter registration system or voting machines, it may have been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their attention to other targets.
“I do think what we know of the operation is consistent with a Russian state actor,” said former NSA hacker Jake Williams, president of Rendition Infosec. “Whether or not customer data was accessed, it’s still a big win for Russia.”
On Tuesday, Russia’s National Association for International Information Security held a forum with global security experts where Russian officials again claimed that there was no evidence its hackers were responsible for attacks that have resulted in American sanctions and indictments.
The hackers “primarily sought information related to certain government customers”, said FireEye’s CEO, Kevin Mandia, in a statement, without naming them. He said there was no indication the hackers got customer information from the company’s consulting or incident-response businesses or threat intelligence data it collects.
“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said, deeming it “different from the tens of thousands of incidents we have responded to throughout the years”.
“These tools mimic the behaviour of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” said Mandia. “None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen red team tools.”
But if stolen, these tools could make it easier for hackers to launch attacks against their victims.
Milpitas, California-based FireEye, which is publicly traded, said in Tuesday's statement that it had developed 300 countermeasures to protect customers and others from the stolen tools and was making them immediately available.
FireEye said it had reported the incident to the FBI and alerted industry partners, like Microsoft, to the breach. Microsoft said it was assisting with FireEye’s investigation.
“This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques,” said Microsoft’s Jeff Jones. “We commend FireEye for their disclosure and collaboration so that we can all be better prepared.”