FireEye, a $3.5 billion cyber security giant, has disclosed that it was recently targeted with a massive, specialised and highly sophisticated cyber attack. The attack is said to have been specifically tailored to breach FireEye’s own defences, and included sophisticated techniques that FireEye claims had not been seen before in the usual swarm of cyber attacks that occur every day. Given that FireEye is one of the world’s biggest cyber security firms, that claim is cause for concern.
What the hack took
Adding to the concern, FireEye CEO Kevin Mandia states that after studying the hack’s forensics, the company has concluded that this activity was carried out by nation state-backed hackers, who were very specific, highly advanced and purpose-driven in their attack. “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” Mandia adds.
The hack targeted the FireEye Red Team hacking tools, which are typically used in conjunction with a honeypot to assess evolving and zero-day security threats. Such tools are often designed to soak-test enterprise security, and given FireEye’s extensive clientele, their theft is cause for significant concern. On this note, Mandia adds, “We are proactively releasing methods and means to detect the use of our stolen Red Team tools.
“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools. We have seen no evidence to date that any attacker has used the stolen Red Team tools. We, as well as others in the security community, will continue to monitor for any…