One of the world’s largest IT security companies, FireEye, which is often called in by US authorities in the event of cyberattacks, has itself become a target for hackers.
According to FireEye, “Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.”
The attacker targeted and accessed certain “Red Team assessment tools” that the company uses to test its customers’ defense systems. It is still unclear whether the attacker intends to use these tools or to publicly disclose them. So far, FireEye has seen no evidence of either.
In addition to the hacking tools, the attackers were particularly interested in information about the company’s government customers, FireEye boss Kevin Mandia wrote in a blog entry. So far, it does not look as if they have been able to access customer data from the storage systems.
The stolen tools did not contain any exploits for zero-day vulnerabilities, the FireEye boss assured. However, the company has published a list of vulnerabilities, with their CVE numbers, for which updates should now be prioritized. FireEye wants to prevent its own tools from causing greater damage.
The Wall Street Journal reported, citing investigators, that hackers from the Russian secret service are currently seen as likely perpetrators. It could be one of the groups that stole emails from the Democratic Party in the 2016 US election campaign. The publication of the emails had harmed Donald Trump’s opponent Hillary Clinton.
According to the investigators, the hackers used an unusual combination of attack tools, some of which had not been seen before. “The attackers tailored their world-class skills specifically to attack FireEye,” Mandia wrote.