Cyberattack: hacker hunter FireEye victim of highly complex hack

by bold-lichterman

The American computer security company FireEye, usually called to the rescue by customers hit by cyberattacks, admitted on Tuesday that it was itself the target of a highly complex hack, which it suspects a state to be behind. FireEye had recently been at the forefront of detecting high-profile hacking operations, sometimes sponsored by states. “We were recently attacked by a very sophisticated intruder, whose discipline, operational security and techniques lead us to believe it was a state-sponsored attack,” wrote the California group in a blog post.

“Based on my 25 years of cybersecurity experience, I concluded that we are witnessing an attack commanded by a nation with high-level offensive capabilities,” said Kevin Mandia, the group’s leader. He indicates that the hackers operated “clandestinely, using methods that thwart security tools and leave no traces”. The hacker hunter even claims “never to have encountered such technical combinations in the past”. On the Nasdaq on Tuesday evening, this information caused FireEye’s share price to fall by almost 8% in electronic trading following the close of the session.

The company is leading the investigation alongside the FBI and with other partners, including software giant Microsoft. “Their initial analysis confirms our conclusion that this is the work of a very sophisticated state-sponsored hack using new techniques,” said the boss of the group based in Silicon Valley. In a statement on Tuesday, the US cybersecurity agency, CISA, immediately said the intrusion emanated “from an actor with a very sophisticated threat”. According to FireEye, the hackers primarily sought information relating to government clients, which is consistent with the purpose of cyber espionage on the part of nation states.

Even the sharpest are vulnerable

Hackers also had access to the software toolkit that FireEye uses to test for cyber threats on its customers. To prevent this test software from being used maliciously (which has not been the case so far, according to CISA), FireEye has disseminated to its partners and customers “the methods and means of detecting the use of these tools”. “As a precaution, we have developed 300 countermeasures for our customers to use in order to minimize the potential impact of this software theft,” explains the group. The Deputy Chairman of the Senate Intelligence Committee, Democratic Senator Mark Warner, immediately reacted, noting in a statement that “the hack of a leading cybersecurity company shows that even the most sophisticated companies are vulnerable”.

The senator praised FireEye’s initiative in disclosing this intrusion to the public “so that it serves as an example for other entities facing similar attacks”. “While we have called for companies to take real action to secure their systems, this case also shows the difficulty of stopping determined hackers from nation states,” continued the senator. He called for “rethinking the kind of IT support government can provide to US businesses in key industries we all depend on”.

In recent years, FireEye had notably spotted the work of elite North Korean hackers behind a wave of cyber-raids against banks. A year ago, FireEye also warned of the increased activity of a group of hackers linked to Iran. The computer security company had detected a phishing campaign where the hacker was posing as a member of the University of Cambridge and used the social network LinkedIn to distribute his malicious code.