FireEye, one of the largest cybersecurity companies in the United States, said it believes it was the victim of a state-sponsored intrusion in which attackers stole the internal red team tools the company uses to conduct penetration tests against its customers.
“Recently, we were attacked by a highly sophisticated threat actor whose discipline, operational security, and techniques convinced us that this was a state-sponsored attack,” FireEye CEO Kevin Mandia wrote in a blog post. “This attack is different from the thousands of incidents we have dealt with over the years.” Mandia did not disclose when the attack occurred.
FireEye counts numerous national-security customers in the United States and abroad. After the disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging security practitioners to review the incident as soon as possible.
The company stated that none of the stolen tools contained zero-day exploits, that is, exploits for vulnerabilities that have not yet been patched. There is also no evidence so far that the tools have been used in the wild, or that those behind the attack were able to obtain any customer data. As a precaution, FireEye nonetheless published countermeasures (detection signatures and indicators) that can detect or block use of the stolen tools.
These countermeasures are publicly available on GitHub. The company is also working with Microsoft and the FBI to investigate what happened. Mandia said: “We are not sure if the attackers intend to use our red team tools or publicly disclose them.”
According to the Washington Post, APT29 (also known as “Cozy Bear”), a hacking group linked to Russia’s Foreign Intelligence Service (SVR), is believed to be behind the attack. This is the same group that broke into Democratic National Committee servers before the 2016 presidential election.
A Microsoft spokesperson told Reuters: “This incident shows why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and advanced attack techniques.”
As the New York Times pointed out, this is the largest theft of cybersecurity tools since the US National Security Agency’s tools were leaked by the “Shadow Brokers” group. Exploits from that leak were later used in destructive attacks attributed to Russia and North Korea, including the WannaCry ransomware that hit hospitals, businesses, and other organizations.