FireEye - Top Cyber Security Firm Got Hacked

One of the world largest security firms "FireEye", said today it was hacked, most likely by a nation-state that made off with potent “red-team” attack tools used to pierce network defenses. 

In the press release today, FireEye CEO Kevin Mandia said that highly sophisticated threat actor accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers. These actor also searched for information related to some of the company's government customers.

As the investigation is ongoing, but it suggests that a group that was already capable of penetrating a company with FireEye’s security prowess and resources is now in possession of new exploits, backdoor implants, or other tools, making the hackers an even greater threat to organizations all over the world.

As FireEye believes the attackers got their hands on its custom penetration testing tools, the company is now sharing list of the CVE's and other vulnerabilities that hacker or other cyber crooks can use in their hacking attempt. These list s can help other companies detect if hackers used any of FireEye's stolen tools to breach their networks.

So far, the company has seen no evidence that the tools are actively being used in the wild and isn’t sure if the attackers plan to use them. 

On the press release CEO of FireEye, Kevin Mandia wrotes-

Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.

We are actively investigating in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft. Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques.

The attacker primarily sought information related to some of FireEye’s government customers, but it’s not clear yet if they succeeded. Mandia said FireEye has found no evidence that the hackers exfiltrated data from the company’s primary systems that store customer information from incident responses or consulting engagements. There’s also no evidence that the attackers obtained metadata collected by threat-intelligence product.

FireEye is not the first major security firm that got hacked by a nation-state group. Earlier RSA Security was also hacked in 2011 by a nation-state actor, Security Firm Bit9 was hacked in 2013, Kaspersky disclosed a similar breach in 2015, McAfee,Symantec & Trend Micro breached by Russian hacking group in 2019 and Avast got hacked twice, the first time in 2017, and again in 2019.