Prominent U.S. cybersecurity company FireEye said Tuesday that foreign government hackers with “world-class capacity” broke into its network and stole the offensive tools it uses to probe the defences of its thousands of customers, including federal, state and local governments and top global companies.
Without identifying them, FireEye CEO Kevin Mandia said in a statement that the hackers “primarily sought information related to certain government clients.” He said there was no indication they had obtained customer data from the company’s consulting or breach-response businesses, or the threat-intelligence data it collects.
FireEye is a major cybersecurity player. It responded to the Sony and Equifax data breaches, helped Saudi Arabia thwart a cyberattack on its oil industry and has played a key role in naming Russia as the protagonist of multiple attacks in the emerging netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company discovered the hack or who might be responsible. But many in the cybersecurity community suspect Russia.
“I think what we know of the operation is consistent with a Russian state actor,” said former NSA hacker Jake Williams, president of Rendition Infosec. “It is still a big win for Russia, whether or not customer data has been accessed.”
Mandia said he suspected that a nation with top-tier offensive capabilities was behind the attack.
The stolen “red team” tools, which amount to real-world malware, could be dangerous in the wrong hands. FireEye said there is no evidence they have been used maliciously. But cybersecurity experts say sophisticated nation-state hackers could modify them and use them against government or industry targets in the future.
The hack was the biggest blow to the U.S. cybersecurity community since a mysterious group known as the “Shadow Brokers” released a cache of high-level hacking tools stolen from the National Security Agency in 2016. The U.S. says North Korea and Russia used the stolen tools to launch destructive global cyberattacks.
The U.S. Cybersecurity and Infrastructure Security Agency warned that “unauthorised third-party users” could abuse FireEye’s stolen red-team tools in a similar way.
In Tuesday’s announcement, the publicly traded, Milpitas, California-based FireEye said it had developed 300 countermeasures to protect customers and others from the stolen tools and was making them available immediately.
FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into U.S. state and local governments that run elections. It was credited with attributing the mid-winter attacks on Ukraine’s energy grid in 2015 and 2016 to Russian military hackers. Its threat hunters have also helped social media platforms, including Facebook, identify malicious actors.
Thomas Rid, a cyber conflict scholar at Johns Hopkins, said that if the Kremlin was behind the attack, it may have been trying to find out what FireEye knew about Russia’s global state-backed operations, in other words performing counterintelligence. Or it may have sought to retaliate against the U.S. government for actions that include accusing Russian military hackers of interfering in the 2016 U.S. election and other alleged crimes. After all, FireEye is a close partner of the U.S. government that has “exposed many Russian operations,” he said.
FireEye said it is investigating the attack in coordination with the FBI and partners including Microsoft, which has its own cybersecurity unit. “The hackers used a novel combination of techniques not seen in the past by us or our partners,” Mandia said.
Matt Gorham, assistant director of the FBI’s cyber division, said the “high level of sophistication (was) compatible with a nation-state.”
Gorham said the U.S. government is “focused on imposing risk and implications on malicious cyber actors, so they think twice before attempting an intrusion in the first place.” That has included what U.S. Cyber Command describes as “defending forward” operations, such as penetrating the networks of Russia and other adversaries.
Sen. Mark Warner, a Virginia Democrat on the Senate Intelligence Committee, applauded FireEye for quickly disclosing the attack, saying the incident shows the difficulty of stopping determined nation-state hackers.
Cybersecurity expert Dmitri Alperovitch said security firms such as FireEye are prime targets, pointing to past breaches of major names in the industry such as Kaspersky and Symantec.
“Each defence firm is being threatened by nation-state actors. This has been going on for more than a decade now,” said Alperovitch, CrowdStrike’s co-founder and former chief technology officer, who investigated the 2016 Russian hacks of the Democratic National Committee and Hillary Clinton’s campaign.
He said the release of the “red-team” tools, while a major problem, was not the end of the world because threat actors are always creating new tools.
“This could have been much worse if their client data had been compromised and exfiltrated. There is no proof of that so far,” Alperovitch said, citing the hacks of other cybersecurity companies, RSA Security in 2011 and Bit9 two years later, that led to the compromise of customer data.
Founded in 2004, FireEye went public in 2013 and, months later, acquired Mandiant Corp., a Virginia-based firm that had linked years of cyberattacks on U.S. companies to a secret Chinese military unit. It had about 3,400 employees and $889.2 million in revenue last year, but posted a net loss of $257.4 million.
Its 8,800 customers last year included more than half of the Forbes Global 2000, spanning telecommunications, technology, financial services, healthcare, power grid operators, pharmaceutical companies and the oil-and-gas sector.
Its shares fell more than 7 percent in after-hours trading Tuesday on news of the hack.