In the past few weeks, several large American companies have been breached, but none have been more shocking than the cyber attack on FireEye. FireEye is one of the nation’s top cybersecurity firms, and last week it reported that nation-state hackers had targeted the company. What makes this attack particularly important is that FireEye has government clients, and the breach may have let foreign nation-state hackers obtain sensitive data. The full extent of the breach has still not been disclosed; here’s what we know so far:
The breach was architected by nation-state hackers: Cybersecurity companies often get targeted by hackers due to their valuable clientele, but this instance was different from other attempts. FireEye CEO Kevin Mandia stated that “They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.” The tools available to the hackers in addition to their discipline and focus on extracting governmental data raised significant alarms. The Washington Post reported that this attack was carried out by Russian intelligence. This was part of a larger global espionage campaign that has stretched back months.
FireEye’s Red Team Tools were stolen: One of the main accomplishments of the breach was that Russian intelligence gained access to and stole FireEye’s Red Team Tools. FireEye uses Red Team Tools to probe organizations’ security and address their vulnerabilities. Some of the tools were already open sourced, but many were developed in-house and could be used to compromise the security of the U.S. government as well as that of thousands of other FireEye clients. Russian intelligence specifically targeted tools that had previously been used to protect governmental agencies. FireEye CEO Mandia stated that the company had “seen no evidence of successful exfiltration of data related to incident response and consulting engagements or metadata collected by their products.”
Incident response: FireEye has stated that there has been no indication so far that the nation-state hackers have used or leaked any of the stolen tools. Given the manpower and capital available to the Russian government, this statement from FireEye doesn’t mean much, because such use can be hidden. FireEye has been working with the FBI and Microsoft to mitigate the consequences of the breach. FireEye has also created several countermeasures to detect the usage of its stolen tools, which will alert authorities immediately. It has cooperated with federal agencies and disclosed all the vulnerabilities targeted by its tools in case Russian intelligence deploys them. It is still unknown how Russian intelligence may use the tools stolen from FireEye; some speculate that they may modify them and deploy them at a later date.