FireEye has an array of business contacts across the national security space, in the US and its allied countries. This is one of the most significant breaches in recent memory. The attack is very different from the tens of thousands of incidents reported in recent years. The attackers tailored their world-class capabilities to target FireEye. The operation was conducted using methods that counter security tools and forensic examination.
The breach was disclosed in a blog post authored by CEO Kevin Mandia. The post states that red team tools were stolen as part of a nation-state hacking operation. Apart from these tools, the hackers have also stolen the data of FireEye customers, most of which are government agencies. Mandia wrote, “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.”
There is no proof that FireEye's hacking tools have been used or that client data has been exfiltrated. However, the investigation is being carried out with the help of the Federal Bureau of Investigation (FBI) and Microsoft.
A Microsoft spokesperson said, “This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques.”
Mandia also wrote that none of the red team tools exploited zero-day vulnerabilities. Experts say that it can be difficult to measure the impact of a hacking campaign that focuses on known software vulnerabilities. The company’s CEO is not sure whether the attacker wants to use the red team tools or publicly disclose them.