While it may sometimes be difficult to hack your ultimate target, attacking an intermediary to which that target is connected is often much easier, or at least feasible.
This is exactly what has happened to U.S.-based cybersecurity firm FireEye, which has claimed to have been hacked by a foreign government, though no details of when it happened have been released.
With over 8800 customers globally, including notable companies and even several U.S. government agencies, this means trouble for a lot of them.
Bought FireEye’s stock today for long term holding ($FEYE), panic from “hacks” usually don’t hold long on traded companies. pic.twitter.com/1d9Z69Q7UW
— Alon Gal (Under the Breach) (@UnderTheBreach) December 9, 2020
As for what was stolen, it includes what the firm calls, in its internal lingo, certain “red team tools”, which it uses to test the security systems of its clients. Its official blog post provides more information on the stolen tools, stating that:
These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.
On the positive side, no data regarding its customers or their confidential information has been leaked. FireEye has also stated that it has been resetting users’ passwords for the previous 2 weeks as part of its mitigation actions.
Elaborating on who the attacker nation could be, Kevin Mandia, the company’s chief executive, has stated that the attackers possess high-tier capabilities, with the techniques used and the attack itself being different from all of the prior ones the company has encountered.
Furthermore, the targeted information is believed to be related to government customers, with many suspecting Russia, the arch-enemy of the United States and a country that would be capable of such an attack.
The FBI has started investigating the incident, and concerns are arising about how the stolen tools could be used in the future. We’ll continue updating you on any new revelations about the attack.
For the time being, it is important to remember that, as its CEO has stated, the cybersecurity company had thought through such a situation beforehand. Meanwhile, you may want to read more about FireEye’s importance in the cybersecurity world; its previous work is what has made this incident draw coverage from high-profile sources.