HomeTech PlusTECH & OTHER NEWSCybersecurity firm FireEye says it was hacked by a nation-state

Cybersecurity firm FireEye says it was hacked by a nation-state

FireEye, normally the first company that cyberattack victims will call, has now admitted it too has fallen victim to hackers, which the company called a “sophisticated threat actor,” believed to be backed by a nation-state.

In a blog post confirming the breach, the company’s chief executive Kevin Mandia said the nation-backed hackers have “top-tier offensive capabilities,” but did not attribute blame or say which government was behind the attack.

Mandia, who founded Mandiant, the incident response firm acquired by FireEye in 2014, said the hackers used a “novel combination of techniques not witnessed by us or our partners in the past” to steal hacking tools used typically by red teams, who are tasked with launching authorized but offensive hacking campaigns against customers in order to find weaknesses or vulnerabilities before malicious hackers do.

“These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” said Mandia. “None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen red team tools.”

But if stolen, these tools could make it easier for hackers to launch attacks against their victims.

Two years ago, hackers breached and stole similarly offensive hacking tools from the National Security Agency, which the spy agency used to collect intelligence on foreign suspected terrorists. But the exploit was later published and was used to infect thousands of computers with the WannaCry ransomware, causing millions of dollars’ worth of damage.

Mandia said that FireEye has developed hundreds of countermeasures to minimize the impact that these tools pose in the event that the hackers use the tools, but that FireEye has seen no evidence that the tools have been abused.

Although the motives of the hackers are unknown, Mandia said that the hackers appeared to seek information related to its government customers.

But it’s not clear exactly when the breach happened, or how FireEye was alerted to the incident. A spokesperson for FireEye declined to comment beyond the blog post when reached by TechCrunch.

“We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers,” said Sen. Mark Warner, who serves as vice-chair of the Senate Intelligence Committee, in a statement. “As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”

FireEye, valued at about $3.5 billion, saw its stock tank by more than 7% in after-hours trading. The company has gained a reputation as one of the most well-resourced cybersecurity firms on the market, often brought in to understand how a breach happened and what may have been taken.

In this case, FireEye said it had reported the incident to the FBI and alerted industry partners, like Microsoft, to the breach.

By TechCrunch Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS