Russian intelligence appears to have hacked and stolen cybersecurity tools from one of the world’s top cyber defense firms, the U.S. company FireEye. This is significant because governments and businesses worldwide have relied on the $3.5 billion cyber defense company when responding to the most sophisticated cyber attackers.
According to the New York Times, FireEye revealed that its computer systems were breached by what it called “a nation with top-tier offensive capabilities.”
This is the biggest known hack of cybersecurity tools since the National Security Agency (NSA) had its tools snatched in 2016 by an unidentified group calling itself the ShadowBrokers, which many experts also suspect is Russian.
That group dumped the NSA’s tools online, allowing nation-state hackers to use what one former NSA operator called the “keys to the digital Kingdom” to conduct a range of highly destructive attacks against government agencies and businesses.
In this case, according to the NYT, FireEye said the unspecified hackers used “novel techniques” to steal its proprietary counter cyber hacker tool kit from its closely guarded digital vault. These tools could now aid the nation-state culprit in launching more attacks globally, without exposing its own covert toolkits.
While no one has specifically identified these hackers as Russian, the evidence makes it fairly clear that this is the case.
Once it identified that it had been breached, FireEye had to turn to the FBI. The FBI, in turn, handed the case to its Russia specialists. According to these sources, the NYT reports, the hackers were after what the company calls “Red Team tools.”
As the NYT explains:
These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools — with the permission of a client company or government agency — to look for vulnerabilities in their systems.
On Tuesday, Matt Gorham, assistant director of the FBI Cyber Division, said, according to the NYT, “The F.B.I. is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation-state.”
The NYT continues:
The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system. At a moment that the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets.
A FireEye hack by Russia could also be retaliation for the company’s investigators having repeatedly exposed units of Russian military intelligence, the G.R.U., as well as the foreign and domestic Russian intelligence services, the S.V.R. and the F.S.B., for their attacks worldwide.
“The Russians believe in revenge,” said James A. Lewis of the Center for Strategic and International Studies, according to the NYT. “Suddenly, FireEye’s customers are vulnerable.”