Who owns FireEye? $3.5B cybersecurity giant says it was hacked by 'nation with top-tier offensive capabilities'
The company said it has so far seen no evidence that an attacker has used the stolen Red Team tools.
Cybersecurity firm FireEye has, over the years, been trusted by government agencies and companies around the world that have been hacked by the most sophisticated attackers or fear they might be. Now, however, it seems the firm itself has been affected by hackers.
On Tuesday, December 8, FireEye disclosed that its own systems were affected by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world. CNN reported that, in a disclosure, the company said, “We are proactively releasing methods and means to detect the use of our stolen Red Team tools. We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.” The Red Team assessment tools were used by the firm to test its customers’ security.
An NYT report stated that the $3.5 billion company did not say clearly who was responsible. The FBI has turned the case over to its Russia specialists. On December 8, the FBI confirmed that the hack was the work of a state, but it also would not say which one. Matt Gorham, assistant director of the FBI Cyber Division, said, “The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation-state.” FireEye has also seen no evidence to date that an attacker has utilized the stolen Red Team tools.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” said Kevin Mandia, FireEye’s CEO. On December 8, a Cybersecurity & Infrastructure Security Agency (CISA) advisory warned: “Although [CISA] has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems.”
Who owns FireEye?
The company was founded in 2004 by Ashar Aziz, who created a system for recognizing threats that haven’t been tracked before, unlike older companies that sold firewalls or anti-virus programs that block known malware, as per a 2018 LA Times report. The former Sun Microsystems engineer developed a system that uses software to simulate a computer network and check programs for suspicious behavior before allowing them into the network itself. The report also stated that the company worked on high-profile cyberattacks against companies including Target, JPMorgan Chase and Sony Pictures.
In 2012, Aziz stepped down as CEO and former McAfee CEO David DeWalt was appointed to the position. The company went public in 2013. The following year, it acquired Mandiant, known for its expertise in assessing damage and tracing the source of cyberattacks. Mandiant founder Kevin Mandia, a former US Air Force investigator, is now the CEO of FireEye. In 2016, it was reported that Aziz had tendered his resignation from FireEye.
What the Internet has to say
A user claimed, “I *feel* for the folks at FireEye right now. I have been in that hotseat before and it isn't fun. Bravo to them for the immediate transparency and populating github with countermeasures quickly.” Another said, “It is refreshing to see a company that is transparent during a situation like this, especially for a security company such as FireEye. I feel for all my friends at FireEye and Mandiant right now. Hang in there! You know who you are.” A user commented, “Hope #FireEye will be able to share the TTPs with the wider community real soon so that preventive and detective measures can be put in place though I'm not sure if it will be that straight forward in this case.”