Cybersecurity firms with global renown are frequently high-value targets for hacking groups, but FireEye ranks towards the top of that list due to its close links to governments and agencies worldwide.

What Happened in the FireEye Hack?

Very little is known about the nuts and bolts of the FireEye hack. What is known is that a suspected nation-state threat actor accessed FireEye using “a novel combination of techniques” that set the attack apart from others seen by the firm.

FireEye CEO Kevin Mandia detailed the attack in a blog post on the FireEye site.

The attackers stole some of FireEye’s Red Team tools. In cybersecurity, a “red team” is an offensive team used to attack and access a network or computer. Conversely, a “blue team” defends against attack.

Understandably, FireEye did not disclose the specific tools stolen. However, it confirmed that it had prepared over 300 countermeasures that customers and the community can use to “minimize the impact” of these tools.

Who Is Behind the FireEye Hack?

As per the FireEye statement, a sophisticated nation-state threat actor is behind the hack. Only a hacking team with government backing would have access to the resources required to pull off such an audacious attack.

FireEye confirmed that the attacker also attempted to access information on FireEye’s government customers, which adds further credence to the idea of a nation-state hacker. Although sensitive files were the target, FireEye has “seen no evidence that the attacker exfiltrated data from our primary systems.”

In short, the Red Team tools were stolen, but FireEye’s confidential data remains secure.

The FireEye hack is eye-catching and headline-grabbing. The tools could make it easier for hackers to launch sophisticated attacks against other targets. But as FireEye—and everyone else, for that matter—doesn’t know what the attacker will do with the tools, it is all speculation.