Cybersecurity Firm FireEye Was Victim Of Sophisticated State-Sponsored Hack

FireEye, a prominent cybersecurity firm, says it is working with the US Federal Bureau of Investigation and several key partners, including Microsoft (which recently warned of a rise in cyberattacks), to investigate a highly sophisticated and targeted hack that it believes was perpetrated by a state-sponsored actor "with top-tier offensive capabilities." It is unlike anything FireEye CEO Kevin Mandia has seen in his two and a half decades in cybersecurity.

That is saying something, given that FireEye deals with security incidents of the highest order. Mandia says this particular attack is different from the tens of thousands of incidents his company has responded to over the years.

"The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past," Mandia stated in a blog post.

It seems the attackers were partly motivated by a desire to get their hands on FireEye's Red Team security tools, perhaps to use them against FireEye and its clients, or to post them online. Mandia is not certain which, and so far there has been no evidence that the culprits have actually used the stolen tools. The tools range from simple scripts for automating reconnaissance to entire frameworks similar to publicly available technologies like Cobalt Strike and Metasploit. According to FireEye, none of the stolen tools contained zero-day exploits.

This is concerning, to say the least. However, Mandia is adamant that FireEye is equipped to handle this sort of thing: the company has developed hundreds of countermeasures, which it has made available to its customers and released publicly. Some have already been put into place in FireEye's own products to detect and/or block the use of the stolen tools.

In addition to the tools themselves, Mandia says the hacking group was primarily interested in obtaining information related to certain government customers.

"While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly," Mandia added.

There is a silver lining to this situation. Cybersecurity is a cat-and-mouse game between defenders and attackers, and Mandia says the lessons learned about FireEye's adversaries in this attack will ultimately result in greater security for the community as a whole.