FireEye cybersecurity tools have been compromised in what the company believes was a “state-sponsored attack” potentially carried out by Russia.
The company, one of the leading cybersecurity firms in the U.S., said in an announcement on its website that the attack was carried out by a “highly sophisticated threat actor.”
The hacker’s “discipline, operational security, and techniques” led the company to believe that the attack was perpetrated by a nation’s government.
FireEye cybersecurity tools are used by several U.S. agencies and states, such as the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), NBC News reported.
The announcement, written by FireEye CEO and board director Kevin Mandia, said the company is working with the FBI and other partners, such as Microsoft, to investigate the incident.
Mandia said so far the investigation has revealed the FireEye cybersecurity attacker targeted “Red Team assessment tools” the company uses to test customer security. The tools mimic cyberattack behavior and allow FireEye to perform diagnostic services for its clients.
FireEye cybersecurity clients have included companies such as Sony and Equifax, according to a New York Times report.
TechCrunch reported FireEye is valued at around $3.5 billion; the company’s stock took a 7% dive in after-hours trading Tuesday.
Mandia said the company was not sure whether the hacker planned to use or publicly disclose the Red Team tools. However, just in case, the company has “developed more than 300 countermeasures” that can be used in an effort to mitigate the effects of the tools’ theft.
So far, Mandia says there has been no indication the attacker has used the stolen FireEye cybersecurity tools.
While FireEye declined to say who it believed was behind the attack, a source familiar with the situation told The Wall Street Journal that investigators see Russia as the most likely actor; however, the investigation is ongoing.
The source said Moscow’s Foreign Intelligence Service — one of the groups that hacked the Democratic National Committee in 2016 — is believed to be responsible for the FireEye cybersecurity attack.
The FireEye cybersecurity tool theft is the largest since the 2016 incident, in which ShadowBrokers, a group that remains unidentified, posted the NSA’s hacking tools online, making them available to other hackers and nation-states, The New York Times reported.
Following that incident, North Korea and Russia used the information in attacks on government entities, hospitals and others, at an eventual cost of more than $10 billion.
However, according to The New York Times, the NSA’s stolen tools likely were of more use than the FireEye cybersecurity tools because the government intentionally builds digital weapons, while FireEye builds tools from malware.
Matt Gorham, assistant director of the FBI’s cyber division, told The Wall Street Journal the preliminary investigation showed the hacker acted with a “high level of sophistication consistent with a nation state.”
Consistent with that effort, Mandia wrote, the attacker sought information associated with government customers.
Mandia said the attacker accessed FireEye’s internal systems, but there was no indication at this point that the attack compromised product metadata or data from the company’s primary systems where customer data from incident response or consultations is stored.
In the event that the company finds customer information was compromised, Mandia said FireEye will reach out to the affected customers directly.
In the meantime, Mandia says FireEye is taking a number of steps to protect against any potential use of the Red Team tools.
The company has “prepared countermeasures” able to detect or block the tools’ use.
In addition, it has incorporated countermeasures into its security products and shared those countermeasures with others in the security industry so their security tools can be updated, as well.
FireEye is also making the countermeasures publicly available on its blog and says it will continue to “share and refine” other Red Team tool mitigations as they are available.
“This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques,” Microsoft senior director Jeff Jones said, according to TechCrunch. “We commend FireEye for their disclosure and collaboration, so that we can all be better prepared.”
“Our number one priority is working to strengthen the security of our customers and the broader community,” Mandia said in his announcement of the incident. “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.”
Are you concerned about the FireEye cybersecurity breach? Let us know in the comments below.
8 thoughts on Hacked! Government Agency’s Cybersecurity Firm FireEye Experiences Data Breach
Please add me
add me
add me
Add me
Add me
Add me
Please add me
Nothing to add you to. This is just an information story.