
Leading cybersecurity firm FireEye says it’s been hit by a hack by a state-sponsored attacker. Hackers targeted the firm’s so-called Red Team tools, which it uses to test its customers’ security and find vulnerabilities.

Dec 9, 2020

It says tools used to assess customer security were accessed
One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe any customer information was taken.
Although the blog post, authored by FireEye CEO Kevin Mandia, does not say who is responsible, it says that the attacking nation has top-tier offensive capabilities. The Wall Street Journal reports that Russia is a suspect, specifically its foreign-intelligence service known as the SVR. However, the investigation into who is responsible is ongoing.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” Mandia wrote in the post, noting that the attackers are highly trained in operational security and executed with discipline and focus. The disclosure did not say when the hack took place or when FireEye became aware of it.
“They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” wrote Mandia. FireEye says it’s investigating the hack alongside the Federal Bureau of Investigation, as well as industry partners like Microsoft.
FireEye’s disclosure of the attack, which the WSJ notes caused its shares to drop around 7 percent in after-hours trading, was praised by US Senator Mark Warner, who serves as vice chairman of the Senate Select Committee on Intelligence and co-chairs the Senate Cybersecurity Caucus. “I applaud FireEye for quickly going public with this news, and I hope the company’s decision to disclose this intrusion serves as an example to others facing similar intrusions,” he said, adding that the attack shows the difficulty of stopping determined nation-state hackers.
In response to the attack, FireEye said it has developed over 300 countermeasures to help its customers and the cybersecurity community defend against the stolen tools. It’s implemented these countermeasures into its own security products, shared them with colleagues in the security community, and is making them publicly available. FireEye intends to share further countermeasures as they become available.