Posted on December 9, 2020 at 5:09 PM
Cybersecurity Firm FireEye Becomes Victim of State-Sponsored Attack
Top cybersecurity firm FireEye revealed that its systems were recently compromised by hackers who are possibly Russian state-sponsored threat actors.
The Silicon Valley security company, with more than 8,000 customers from government and top companies, said the hackers stole tools that can be used for attacks throughout the world.
The FireEye security firm has helped government agencies and top companies all over the world to protect their systems against suspected hacking attempts. The firm has also been called upon to investigate successful hacking attempts. The attack could have been carried out as revenge against the firm that has assisted companies to thwart attacks on several occasions.
According to FireEye, hackers were able to infiltrate its network and steal “red team tools” the firm utilizes to test the defense systems of clients.
But it didn’t say whether information about threat intelligence, breach response, or customers was stolen.
Although the security firm did not say when the attack occurred, it has been resetting user passwords for the past two weeks, suggesting the attack took place within that period.
Attack Carried Out With Sophisticated Tools
According to Kevin Mandia, FireEye chief executive officer, the attack on the firm’s servers was carried out by state-backed actors with top-level hacking capabilities.
“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” he said.
Mandia also said the attack is different from other types of hacking incidents the firm has responded to over the years.
Assistant FBI director for the cyber division Matt Gorham pointed out that the FBI has started investigating the incident. He said earlier investigations show that the threat actors responsible for the hack used sophisticated tools consistent with a nation-state.
Russian State Actors Suspected
The nature of the attack, according to the firm, shows not all state-backed actors can pull off the hack. Evidence is pointing to Russia’s intelligence agencies, who may be exacting revenge for the cybersecurity firm’s incessant efforts to thwart their operations.
The nature of the attack means a thorough investigation is needed, which is why the firm decided to call on the FBI to carry out a serious investigation, FireEye said.
The security firm is worth $3.5 billion, and its clients include some Fortune 500 companies. Although FireEye did not mention specifically that Russian hackers were involved in the hack, the FBI’s decision to contact its Russia specialists suggests the attackers were Russian intelligence agencies. Also, the fact that the hackers were after what are called “Red Team tools” is another indication the perpetrators are Russian-backed hackers.
The hacking incident raises the possibility that the Russian state-sponsored hackers saw a loophole and slack defenses as many cybersecurity agencies were more concerned about safeguarding the US presidential election system.
So, while US private and public intelligence systems were protecting against breaches on voting machines or voter registration systems, the Russian-backed hackers were busy exploiting other targets. US security agencies turned their attention to the electoral systems and tried to protect them against any intrusion because Russian state hackers were involved in the previous election in 2016.
According to some observations about the hack, this could have been the perfect time for the Russian hackers to turn their attention to other things they may find useful.
Hack Is The Second Biggest Theft Of Hacking Tools
According to reports and investigations about the hack, this attack is the biggest known theft of cybersecurity tools since 2016, when the National Security Agency (NSA) had a similar issue. In 2016, when the NSA lost some files, the unknown hackers who called themselves ShadowBrokers dumped the stolen hacking tools on the darknet.
The act equipped some hackers and state-backed threat actors with some sophisticated tools they can use to exploit vulnerabilities.
After the tools were exposed, Russia and North Korea used the stolen weaponry to launch destructive attacks on hospitals, government agencies, and some of the largest companies in the world. According to estimates about the financial impact of the hacking exploit, the result of the hacking activities by both Russian and North Korean hackers could cost more than $10 billion.