December 9, 2020

FireEye hacking tools stolen in “highly sophisticated” state-sponsored attack

By Robert Scammell

US cybersecurity firm FireEye said it was hit by a “highly sophisticated” cyberattack launched by a nation state with “top-tier offensive capabilities”.

California-based FireEye said the threat actors stole hacking tools that the company uses to “mimic the behaviour” of cybercriminals when testing its customers’ security.

The company said it was unsure whether the attacker plans to use the stolen ‘red team’ tools or publicly disclose them. It said it has seen “no evidence to date” that the tools have been used, but has developed countermeasures to prevent them from being used against companies.

None of the stolen tools contain zero-day exploits, the company added. A zero-day is a vulnerability that is previously unknown to researchers and for which no fix yet exists.

An investigation is underway in coordination with the FBI and other partners, including Microsoft. Initial analysis by the FBI supports the theory that the attack was state-sponsored.

Revealing the attack in a blog post published Monday, FireEye CEO Kevin Mandia said the culprit used a “novel combination of techniques not witnessed by us or our partners in the past”.

He said the FireEye cyberattack was “different from the tens of thousands of incidents we have responded to throughout the years”.

According to Mandia, the attackers sought information on FireEye’s government customers. However, FireEye has seen no evidence that the hackers were able to steal this data.

Independent security expert Graham Cluley described the attack as “embarrassing” and “horrifying” for FireEye.

“It’s the kind of nightmare that makes the CEOs of cybersecurity firms wake up in the middle of the night in a cold sweat,” he said in a blog post.

Many breached companies tend to describe cyberattacks as “highly sophisticated” despite the method often being relatively simple, such as a phishing email.

However, Cluley told Verdict that “we can trust FireEye” in its assessment.

He added that FireEye is an “attractive target” for a state-sponsored attacker and that the company likely has more details on the attack method than it is currently sharing.

Founded in 2004, FireEye was one of the cybersecurity firms that attributed the 2016 Democratic National Committee hacks to Russian intelligence agencies. The company’s share price fell by 7% in after-hours trading on Monday.
