US cybersecurity firm FireEye is the victim of a hack carried out by a “highly sophisticated threat actor.” The firm confirmed that a trove of its own offensive hacking tools was stolen in the attack, meaning the attackers could repurpose those tools in their own intrusions.
Cybersecurity firms with global renown are frequently high-value targets for hacking groups, but FireEye ranks towards the top of that list due to its close links to governments and agencies worldwide.
What Happened in the FireEye Hack?
Very little is known about the nuts and bolts of the FireEye hack. What is known is that a suspected nation-state threat actor accessed FireEye using “a novel combination of techniques” that set the attack apart from others seen by the firm.
FireEye CEO Kevin Mandia detailed the attack in a blog post on the FireEye site.
Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. Our number one priority is working to strengthen the security of our customers and the broader community. We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.
The attackers stole some of FireEye’s Red Team tools. In cybersecurity, a “red team” is an offensive team that simulates real attackers, attempting to break into and gain access to a network or computer in order to test its defenses. Conversely, a “blue team” defends against attack.
These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.
Understandably, FireEye did not disclose which specific tools were stolen. However, it confirmed that it has prepared over 300 countermeasures that customers and the wider community can use to “minimize the impact” of these tools.
Who Is Behind the FireEye Hack?
As per the FireEye statement, a sophisticated nation-state threat actor is behind the hack. Only a hacking team backed by a government would have the resources required to pull off such an audacious attack.
FireEye confirmed that the attacker also attempted to access information on FireEye’s government customers, which adds further credence to the idea of a nation-state hacker. Although sensitive files were the target, FireEye has “seen no evidence that the attacker exfiltrated data from our primary systems.”
In short, the Red Team tools were stolen, but FireEye’s confidential data remains secure.
The FireEye hack is eye-catching and headline-grabbing. The tools could make it easier for hackers to launch sophisticated attacks against other targets. But as FireEye—and everyone else, for that matter—doesn’t know what the attacker will do with the tools, it is all speculation.