FireEye breach in the largest security company
FireEye, one of the world's largest security companies, said it had been compromised and that an "extremely sophisticated intruder" had gained access to its internal network. So it managed to steal hacking tools that FireEye uses to test its customer networks.
In a press release, FireEye CEO Kevin Mandia said the attacker also sought information related to some of the company's government customers.
Mandia described the attacker as "highly sophisticated, whose discipline, operational security and techniques lead us to believe it was a state attack".
"Based on 25 years of cyber security and response to incidents, I have come to the conclusion that we are witnessing an attack by a state with superior offensive capabilities." said Mandia.
"This attack is different from the tens of thousands of incidents we have responded to over the years," he added.
"The attackers were highly trained in operational security and acted with discipline and focus.
"They operated secretly, using methods that offset security tools and forensic testing. They used a new combination of techniques that have not been observed by us or our partners in the past. ”
FireEye said its findings were confirmed by Microsoft, which called on the company to help investigate the breach.
The Federal Bureau of Investigation (FBI) has also been informed and is currently assisting the company.
Because FireEye believes the intruders got their hands on custom penetration testing tools, the company released compromise indicators (IOCs) and countermeasures to her GitHub account. The data from GitHub will help other companies find out if hackers used any of FireEye's stolen tools to break into their networks.
Knowing that it could be the target of the next attack on Twitter, most cybersecurity professionals showed their support for the company and praised FireEye for its quick revelation.
With the Fireeye breach news coming out, it's important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1 /
- Dmitri Alperovitch (@DAlperovitch) December 8, 2020
Going to be a lot of folks that dunk on FireEye for this but from my quick review they found it themselves and self disclosed. Everyone gets breached. Kudos to Kevin and the team for detecting and responding well. https://t.co/CxHM375Jbu
- Robert M. Lee (@RobertMLee) December 8, 2020