Date: 2020-12-10

Hackers stole key tools: FireEye

TOP-TIER ATTACK: The hackers sought information related to government customers, which is consistent with nation-state cyberespionage, the hacker-fighting company said

Hacker-fighting firm FireEye on Tuesday said that its own defenses were breached by sophisticated attackers who stole “Red Team” tools used to test customers’ computer systems.

While the hackers had yet to be identified, their tactics and targets led FireEye to believe that it was a state-sponsored attack “by a nation with top-tier offensive capabilities.”

“The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyberattacks,” said US Senator Mark Warner, who is vice chairman of the US Senate Select Committee on Intelligence.

“We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers,” Warner added.

It did not appear that any customer data was stolen from FireEye, or that the taken tools have been used in other attacks, the Silicon Valley-based firm said.

“The attackers tailored their world-class capabilities specifically to target and attack FireEye,” firm CEO Kevin Mandia wrote in a blog post revealing the breach. “They used a novel combination of techniques not witnessed by us or our partners in the past.”

FireEye shares were down more than 7 percent after news of the hack was reported.

FireEye said that it is investigating the attack with help from the FBI and industry partners, including Microsoft.

“Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques,” Mandia said.

The hackers primarily sought information related to government customers, which is consistent with nation-state cyberespionage, FireEye said.

Also targeted in the attack were Red Team tools that help diagnose the security of customers’ networks by mimicking the behavior of hackers, Mandia said.

FireEye was making available countermeasures to defend against someone using the tools.

The US Department of Homeland Security said that it was aware of the attack, but that it had no information indicating that the stolen cybertools were so far being “maliciously used.”

US intelligence agencies have been asked to brief the US House Permanent Select Committee on Intelligence about the cyberattack in the coming days, said US Representative Adam Schiff, chairman of the committee.

“Foreign actors have not stopped attacking our country, and its critical and cybersecurity infrastructure since 2016,” he added.

Schiff found it troubling that the hackers stole tools from FireEye that could be used in attacks.

The FireEye hack came less than two months after the US Department of the Treasury announced sanctions against a Russian research institute, which it said was tied to the powerful malware Triton, used to damage a Saudi Arabian petrochemical plant in 2017.

FireEye connected Triton to the Moscow-based research institute and a specific, unnamed person with close ties to the institute.

It was not determined whether Russia was linked to the FireEye hack.

“The Russian government continues to engage in dangerous cyberactivities aimed at the United States and our allies,” US Secretary of the Treasury Steven Mnuchin said in a statement at the time.

FireEye’s track record includes identifying an Iran-based social media campaign to sway public opinion by impersonating reporters, politicians and others, as well as identifying North Korean hackers implicated in a wave of cyberattacks on global banks that netted “hundreds of millions” of US dollars.