Cyber security firm FireEye hacked by foreign government agents with 'top-tier capabilities' | Science & Tech News | Sky News
The US firm has not blamed a specific country but some experts are pointing towards Russia.
Wednesday 9 December 2020 06:47, UK
Cyber security firm FireEye says it has been hacked by foreign government agents with "top-tier capabilities".
FireEye has 8,800 customers, including US federal government agencies and more than half of the Forbes Global 2000 list.
The US firm said hackers broke into its network and stole "red team tools", which it uses to test the defences of its clients.
However, there was no indication that information about customers, breach response, or threat intelligence was stolen.
It is unclear when the hack took place but reports said the company had been resetting user passwords over the past two weeks.
FireEye chief executive Kevin Mandia said: "I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities.
"This attack is different from the tens of thousands of incidents we have responded to throughout the years."
He added that the hackers "primarily sought information related to certain government customers" and had used "a novel combination of techniques not witnessed by us or our partners in the past".
Matt Gorham, assistant FBI director for the cyber division, said: "The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state."
Many experts suspect Russia.
Former NSA hacker Jake Williams, president of Rendition Infosec, said: "I do think what we know of the operation is consistent with a Russian state actor.
"Whether or not customer data was accessed, it's still a big win for Russia."
Thomas Rid, a cyber conflict scholar at Johns Hopkins, said that if Russia was to blame, it could have been trying to see what FireEye knows about its cyber operations.
The tools stolen do not yet appear to have been used maliciously but could be modified and used against governments or businesses in future.
Cyber security expert Dmitri Alperovitch added: "This could have been much worse if their customer data had been hacked and exfiltrated. So far there is no evidence of that."
California-based FireEye is known for having responded to the Sony and Equifax data breaches and helped Saudi Arabia deal with a cyber attack on its oil industry.
It has also played a major role in identifying Russia as being behind numerous cyber attacks in the past.
Its stock fell more than 7% in after-hours trading on Tuesday following news of the hack.