Friday January 15th, 2021 3:15PM

Cybersecurity firm FireEye says it was hacked by nation state

By The Associated Press

BOSTON (AP) — Prominent U.S. cybersecurity firm FireEye said Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state and local governments and top global corporations.

The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company's consulting or breach-response businesses or threat-intelligence data it collects.

FireEye is a major cybersecurity player — it responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.

Neither Mandia nor a FireEye spokeswoman said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia.

“I do think what we know of the operation is consistent with a Russian state actor,” said former NSA hacker Jake Williams, president of Rendition Infosec. “Whether or not customer data was accessed, it’s still a big win for Russia.”

FireEye's Mandia said he had concluded that “a nation with top-tier offensive capabilities” was behind the attack.

The stolen “red team” tools — which amount to real-world malware — could be dangerous in the wrong hands. FireEye said there’s no indication they have been used maliciously. But cybersecurity experts say sophisticated nation-state hackers could modify them and wield them in the future against government or industry targets.

The hack was the biggest blow to the U.S. cybersecurity community since a mysterious group known as the “Shadow Brokers” in 2016 released a trove of high-level hacking tools stolen from the National Security Agency. The U.S. believes North Korea and Russia capitalized on the stolen tools to unleash devastating global cyberattacks.

The nation’s Cybersecurity and Infrastructure Security Agency warned that “unauthorized third-party users” could similarly abuse FireEye’s stolen red-team tools.

Milpitas, California-based FireEye, which is publicly traded, said in Tuesday's statement that it had developed 300 countermeasures to protect customers and others from them and was making them immediately available.

FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the U.S. that administer elections. It was credited with attributing to Russian military hackers mid-winter attacks in 2015 and 2016 on Ukraine’s energy grid. Its threat hunters also have helped social media companies including Facebook identify malicious actors.

Thomas Rid, a Johns Hopkins cyberconflict scholar, said that if the Kremlin were behind the hack it could have been seeking to learn what FireEye knows about Russia’s global state-backed operations — doing counterintelligence. Or it might have been seeking to retaliate against the U.S. government for measures including indicting Russian military hackers for meddling in the 2016 U.S. election and other alleged crimes. FireEye is, after all, a close U.S. government partner that has “exposed many Russian operations,” he said.

FireEye said it is investigating the attack in coordination with the FBI and partners including Microsoft, which has its own cybersecurity team. Mandia said the hackers used “a novel combination of techniques not witnessed by us or our partners in the past.”

Matt Gorham, assistant director of the FBI's cyber division, said the hackers' “high level of sophistication (was) consistent with a nation state.”

The U.S. government is “focused on imposing risk and consequences on malicious cyber actors, so they think twice before attempting an intrusion in the first place,” Gorham said. That has included what U.S. Cyber Command terms “defending forward” operations such as penetrating the networks of Russia and other adversaries.

U.S. Sen. Mark Warner, a Virginia Democrat on the Senate’s intelligence committee, applauded FireEye for quickly disclosing the intrusion, saying the case “shows the difficulty of stopping determined nation-state hackers.”

Cybersecurity expert Dmitri Alperovitch said security companies like FireEye are top targets, with big names in the field including Kaspersky and Symantec breached in the past.

“Every security company is being targeted by nation-state actors. This has been going on for over a decade now,” said Alperovitch, the co-founder and former chief technical officer of Crowdstrike, which investigated the 2016 Russian hack of the Democratic National Committee and Hillary Clinton's campaign.

He said the release of the “red-team” tools, while a serious concern, was “not the end of the world because threat actors always create new tools.”

“This could have been much worse if their customer data had been hacked and exfiltrated. So far there is no evidence of that,” Alperovitch said, citing hacks of other cybersecurity companies — RSA Security in 2011 and Bit9 two years later — that contributed to the compromise of customer data.

Founded in 2004, FireEye went public in 2013 and months later acquired Virginia-based Mandiant Corp., the firm that linked years of cyberattacks against U.S. companies to a secret Chinese military unit. It had about 3,400 employees and $889.2 million in revenue last year, though with a net loss of $257.4 million.

The company's 8,800 customers last year included more than half of the Forbes Global 2000, companies in telecommunications, technology, financial services, healthcare, electric grid operators, pharmaceutical companies and the oil-and-gas industry.

Its stock fell more than 7% in after-hours trading Tuesday following news of the hack.


O'Brien reported from Providence, Rhode Island. Associated Press writer Eric Tucker in Washington contributed to this report.
