Cybersecurity firm FireEye hacked by Russian state actors

  • What was stolen: sophisticated cybersecurity tools used to look for vulnerabilities in their clients' systems, including Sony, Equifax and government agencies
  • This hack is the biggest known theft of cybersecurity tools since the 2016 theft from the NSA; the NSA's stolen tools were used by North Korea and Russia in attacks on government agencies, hospitals and large organizations at a cost of more than $10 billion.

FireEye, a cybersecurity firm that is often a first choice for government agencies and global organizations, revealed that it has recently been hacked. While details are still limited, the evidence strongly suggests that the attackers may have been Russia's intelligence agencies. The hackers used what is described as "novel techniques" to make off with FireEye's cybersecurity toolkit, which could be used for nefarious purposes.

The stolen tools, which FireEye calls "Red Team tools," replicate the most sophisticated hacking tools in the world. They are built from malware that the company has seen in a wide range of attacks, and are then used -- with permission from its clients -- to look for vulnerabilities in those clients' systems. The company has used these tools with a variety of clients such as Sony, Equifax, the State Department and other government agencies.

FireEye is still investigating exactly how the hackers breached its digital vault; details remain scarce. This hack is the biggest known theft of cybersecurity tools since the 2016 theft from the National Security Agency (NSA). Those tools were dumped online over the course of several months and ultimately used by North Korea and Russia in destructive attacks on government agencies, hospitals and large organizations at a cost of more than $10 billion. The main advantage of using stolen tools is that nation-states can hide their own tracks when launching attacks.

While many details of the attack aren't known, the hackers were said to have gone to extraordinary lengths to avoid detection. They created thousands of internet protocol addresses, many within the United States, that hadn't been used in attacks before, allowing them to better conceal their location. These increasingly sophisticated attacks, especially by nation-states, are one of the largest global security threats today and will continue to grow well into 2021. This is why many teams are starting to get serious about Zero Trust and future technologies including continuous authentication.
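The defender's counterpart to "addresses that hadn't been used before" is a first-seen check: compare each successful login's source address against what the organization has previously seen, and alert when a batch of logins is dominated by addresses nobody has ever used. The following is an added example written for this page, not code from FireEye or from the article. The log format (`timestamp user source-ip result`), the user names, the addresses (drawn from the RFC 5737 documentation ranges) and the 50% burst threshold are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample records in the form "<timestamp> <user> <source-ip> <result>".
# Illustrative only; these are not log lines from FireEye or from the article.
BASELINE_LOG = [
    "2020-11-01T08:00:00Z alice 203.0.113.10 success",
    "2020-11-02T08:05:00Z alice 203.0.113.10 success",
    "2020-11-02T09:00:00Z bob 198.51.100.7 success",
    "2020-11-03T08:10:00Z alice 203.0.113.11 success",
    "2020-11-03T08:12:00Z bob 192.0.2.99 failure",  # failed attempt: never trusted into the baseline
]

NEW_LOG = [
    "2020-12-08T02:13:00Z alice 203.0.113.10 success",  # address alice has used before
    "2020-12-08T02:14:00Z alice 192.0.2.44 success",    # first time this address appears at all
    "2020-12-08T02:15:00Z bob 203.0.113.11 success",    # known to the org, but new for bob
    "2020-12-08T02:16:00Z carol 192.0.2.45 success",    # first time this address appears at all
    "2020-12-08T02:17:00Z carol 192.0.2.46 failure",    # failed login: ignored by this rule
]


@dataclass(frozen=True)
class Event:
    ts: str
    user: str
    src: str
    result: str


def parse(line: str) -> Event:
    """Split one record and validate the address field."""
    ts, user, src, result = line.split()
    ip_address(src)  # raises ValueError on a malformed address
    return Event(ts, user, src, result)


def build_baseline(lines):
    """Return (per-user IP sets, org-wide IP set) built from successful logins only."""
    per_user = defaultdict(set)
    org_wide = set()
    for ev in map(parse, lines):
        if ev.result == "success":
            per_user[ev.user].add(ev.src)
            org_wide.add(ev.src)
    return per_user, org_wide


def classify(ev: Event, per_user, org_wide) -> str:
    """Label a login by how novel its source address is relative to the baseline."""
    if ev.result != "success":
        return "ignored"
    if ev.src in per_user.get(ev.user, set()):
        return "known"
    if ev.src in org_wide:
        return "new-for-user"
    return "new-for-org"


def detect(baseline_lines, new_lines, burst_threshold=0.5):
    """Classify each new login and raise a batch-level alert when the share of
    never-before-seen addresses among successful logins exceeds burst_threshold."""
    per_user, org_wide = build_baseline(baseline_lines)
    labels = {}
    successes = new_for_org = 0
    for ev in map(parse, new_lines):
        label = classify(ev, per_user, org_wide)
        labels[(ev.user, ev.src)] = label
        if label != "ignored":
            successes += 1
            if label == "new-for-org":
                new_for_org += 1
    ratio = new_for_org / successes if successes else 0.0
    return {
        "labels": labels,
        "new_for_org_ratio": ratio,
        "burst_alert": ratio > burst_threshold,
    }


if __name__ == "__main__":
    report = detect(BASELINE_LOG, NEW_LOG)
    for (user, src), label in report["labels"].items():
        print(f"{user:<6} {src:<14} {label}")
    print("new-for-org ratio:", report["new_for_org_ratio"])
    print("burst alert:", report["burst_alert"])
```

Per-login labels feed a continuous-authentication policy (a "new-for-org" login can be asked to re-authenticate rather than be trusted for a session), while the batch ratio catches the pattern described in the article: many logins, each from a fresh address, that individually look unremarkable. The threshold should be tuned against the organization's normal churn in source addresses.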