Largest cybersecurity company in the US being ‘visited’ by hackers

Tram Ho

FireEye, one of the largest cybersecurity companies in the US, said it believes it was the victim of an attack by state-sponsored hackers, aimed at stealing the internal tools it uses to conduct penetration testing for other companies.

“Recently, we have been attacked by a very sophisticated, disciplined, secure and technical guy who makes us believe it was a state-sponsored attack,” Kevin Mandia, the FireEye CEO, said in a blog post after the incident. “This attack is different from the tens of thousands of incidents we’ve dealt with over the years.”

Mandia did not say when the attack took place.

FireEye is a security company with many customers in the national security field, both in the US and abroad. After the incident was disclosed, the Cybersecurity and Infrastructure Agency (CISA) published a bulletin recommending that cybersecurity experts follow this incident.

The company also said that no tools involving zero-day exploits (exploits for vulnerabilities that have not yet been fixed) were stolen. There is also no evidence that the tools have been used in the wild, or that the attackers were able to obtain any customer data.

As a precaution, FireEye shared countermeasures that can detect or block the use of its stolen tools. Those countermeasures have been published on GitHub. The company is also working with Microsoft and the FBI to investigate what happened.

“We are not sure if the attacker intended to use our Red Team tools or publicly disclose them,” Mandia said.

According to The Washington Post, APT29 (also known as Cozy Bear), a group of hackers believed to be affiliated with Russia’s Foreign Intelligence Service, was likely behind the attack. This is also the group that hacked the servers of the Democratic National Committee ahead of the 2016 presidential election.

“This incident shows why the security industry must work together to protect and respond to threats posed by well-funded adversaries using new and sophisticated attack techniques,” a Microsoft spokesperson told Reuters.

According to The New York Times, this is the largest known theft of cybersecurity tools since the US National Security Agency was attacked by a group of hackers known as The Shadow Brokers. Alongside that attack came WannaCry, the malware used to launch ransomware attacks on US hospitals, businesses, and other organizations.

Refer to Engadget

Source: Genk