SAN FRANCISCO: Hacker-fighting firm FireEye on Tuesday said its own defenses were breached by sophisticated attackers who stole “Red Team” tools used to test customers’ computer systems. While the hackers had yet to be identified, their tactics and targets led FireEye to believe it was a state-sponsored attack “by a nation with top-tier offensive capabilities.” “The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyber-attacks,” said US Senator Mark Warner, a Democrat who is vice chairman of the Senate Select Committee on Intelligence.
“We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers.” It did not appear any customer data was stolen from FireEye, or that the taken tools have been used in other attacks, according to the Silicon Valley-based firm.
“The attackers tailored their world-class capabilities specifically to target and attack FireEye,” FireEye chief executive Kevin Mandia said in a blog post revealing the breach. “They used a novel combination of techniques not witnessed by us or our partners in the past.” FireEye shares were down more than 7 percent in after-market trades that followed the release of news about the hack.
FireEye said it is investigating the attack with help from the FBI and industry partners, including technology colossus Microsoft. “Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques,” Mandia said.
The hackers primarily sought information related to government customers, which is consistent with nation-state cyberespionage, according to FireEye. Also targeted in the attack were “Red Team” tools that help diagnose the security of customers’ networks by mimicking the behavior of hackers, Mandia said. FireEye was making available countermeasures to defend against someone using the tools. The US Department of Homeland Security said it was aware of the attack but that it had no information indicating the stolen cyber tools were being “maliciously used” so far.
US spy agencies have been asked to brief the House Permanent Select Committee on Intelligence about the cyberattack in the coming days, according to chairman Adam Schiff, a Democrat from California. “Foreign actors have not stopped attacking our country and its critical and cybersecurity infrastructure since 2016,” Schiff said. Schiff found it troubling that the hackers stole from FireEye tools that could be used in future attacks.
The FireEye hack came less than two months after the US Treasury announced sanctions against a Russian research institute which it said was tied to the powerful malware Triton, used to damage a Saudi petrochemical plant in 2017. FireEye tied Triton to the Moscow-based research institute and a specific, unnamed person with close ties to the institute. It was not determined whether Russia was linked to the FireEye hack.
“The Russian government continues to engage in dangerous cyber activities aimed at the United States and our allies,” Treasury Secretary Steven Mnuchin said in a statement at the time. FireEye’s track record includes identifying an Iran-based social media campaign to sway public opinion by impersonating reporters, politicians and others, as well as identifying North Korean hackers implicated in a wave of cyberattacks on global banks that netted “hundreds of millions” of dollars. – AFP