FireEye, one of the most prominent cybersecurity firms in the world, revealed on Tuesday that it fell victim to a cyberattack that resulted in the theft of its tools. The US company said “a nation with top-tier offensive capabilities” was responsible for the attack. It added that the perpetrators used “novel techniques” to steal tool kits designed to test clients’ defense systems.
FireEye’s customers, in the thousands, include federal and government agencies from all over the globe, as well as major corporations like Equifax and Sony.
The cybersecurity firm disclosed the breach in a public filing with the Securities and Exchange Commission. It also shared the news in a blog post, saying “highly sophisticated” attackers got their hands on “Red Team tools,” which imitate potential cyber threats. The company uses them to search for vulnerabilities in its clients’ security systems, with their permission, of course.
All Fingers Point at Russia
FireEye did not mention which foreign government was behind the hack, but it did contact the FBI and Microsoft to help with the investigation. “The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state,” said the FBI Cyber Division’s Assistant Director, Matt Gorham.
The Federal Bureau of Investigation also declined to name the responsible party. However, based on FireEye’s description and the fact that the FBI’s Russian specialists are handling the case, it seems all fingers point at Russia’s intelligence agencies.
In addition to the hacking tool theft, cybercriminals seemed interested in FireEye’s governmental clientele. But so far, there is no evidence that the threat actors used the Red Team tools or stole any client data. It remains unclear how the attack actually took place, but a source familiar with the matter said the cybersecurity firm has been changing user passwords for the past two weeks.
FireEye isn’t the first cybersecurity firm to suffer a breach, with Kaspersky Lab, Bit9, and RSA also falling victim in the past.
Internet users who wish to maintain their security and privacy should use VPNs, tools that have private servers worldwide. Once a user connects to a VPN server, the provider encrypts and redirects their traffic. As a result, ISPs, hackers, and government agencies won’t be able to monitor their online activities or track their actual location.
VPNs are also useful in unblocking geo-restricted content, including streaming platforms like BBC iPlayer, ESPN+, and any Netflix library.