FireEye, a global cybersecurity company, has fallen victim to one of the most sophisticated cyberattacks of 2020.
In its official statement on the incident, FireEye revealed that the attackers were state-sponsored, though it did not identify which state.
“Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” the company said.
Calling this breach “highly sophisticated” is, if anything, an understatement. FireEye is not a conventional business unaware of cyber-threat tactics. It is a $3.5 billion cybersecurity company with a global reputation for defending government agencies against the most advanced cyberattacks.
Successfully attacking a global leader in cybersecurity would require methods beyond the intrusion techniques already known to experts. FireEye openly admitted its surprise at the techniques used.
“They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
When attackers breach a well-known business, their motive is usually financial. Ransomware attacks typically encrypt sensitive business data, and in double-extortion campaigns a stolen copy is leaked on the dark web if the ransom is not paid.
In this instance, however, the attackers were not interested in a broad extortion effort. The attack targeted a specific set of tools developed internally by FireEye.
“During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security,” FireEye said in its statement.
These Red Team assessment tools let FireEye uncover weaknesses in an organization’s defenses by imitating the tactics and techniques of a range of real-world attackers.
In the hands of what appear to be some of the most sophisticated attackers seen to date, these tools could be turned against new targets, and because the activity would resemble a legitimate security assessment, it could be harder to tie the intrusions back to the criminals responsible.
Given the depth of FireEye’s knowledge of complex global threats built into these tools, attackers could use them to penetrate high-profile targets while leaving little attributable evidence.
The implications of this breach are difficult to estimate. Whether the attackers keep FireEye’s Red Team tools for their own operations or release them on the dark web, this event could develop into a very significant threat to global security.