Governments on alert after FireEye’s hacking tools stolen in cyber attack

The cyber security giant FireEye announced yesterday that it had been targeted by a sophisticated cyber attack, which resulted in criminals stealing an arsenal of hacking tools.

FireEye uses these tools to test the defences of its clients, which include an array of government and US national security agencies.

If these tools end up in the wrong hands, they could cause untold damage, which is why this incident is being described as “among the most significant breaches in recent memory”.

It’s not clear when the attack took place, but, according to Reuters, a person familiar with the events said the organisation has been resetting user passwords over the past two weeks.

There is currently no evidence that FireEye’s hacking tools have been used in a successful attack, but the FBI and Microsoft are helping to investigate.

Who was responsible?

Matt Gorham, the FBI’s assistant director for the Cyber Division, says that, although the incident is still under investigation, preliminary indications show that the perpetrator’s methods were highly sophisticated and consistent with a nation state.

A former Defense Department official familiar with the case said that Russia was high on the list of suspects.

Another clue that this was a state-sponsored attack is that, in addition to the theft of hacking tools, the attackers targeted government agencies that hired FireEye.

Fortunately, FireEye has disclosed what happened and which tools were taken, reducing the chances of other organisations being compromised because of this incident.

However, the chairman of the House Intelligence Committee, Rep. Adam Schiff, said he wants more information.

“We have asked the relevant intelligence agencies to brief the Committee in the coming days about this attack, any vulnerabilities that may arise from it, and actions to mitigate the impacts,” he said.

What comes of those briefings depends on the result of the investigation into the incident. This is far more complex than a typical data breach, so we shouldn’t expect to see the full extent of the damage for some time.
