On December 8th, FireEye announced on its blog that it had been the victim of a sophisticated cyberattack that may have been state-sponsored. Kevin Mandia, CEO of the company, refers in his press release to the “high-level skills” of the hackers without naming a culprit.

FireEye is known for regularly detailing the operations of government hackers, including Operation Ghostwriter, recent Chinese activity, and even attempts to break into the American power grid.

Stolen cyber attack tools

Breaking into FireEye’s servers is not without consequences. Some of the tools used by its red teams have been stolen. These tools are used to launch complex (authorized) attacks on corporate customers in order to identify weak points in their systems. “These tools mimic the behavior of many cyber threat actors. (…) None of the tools contain zero-day exploits,” explains the CEO.

In cybersecurity, red teams are teams that attack a company using techniques similar to those of hackers. They are contrasted with blue teams, which develop defenses against those attacks.

A zero-day vulnerability is a vulnerability that has not yet been officially disclosed or discovered. It also means there is no patch available to fix the problem.

FireEye’s tools could have dire consequences in the hands of ill-intentioned actors. Because of this, the company is “proactively revealing methods and means to detect the use of our stolen red team tools”.

FireEye not only sees part of its know-how stolen, but must also describe in detail how it works. These are likely years of research and development lost, and a warning to an industry that is already on high alert.

The alarm is given

The last time such tools were stolen, the victim was none other than the NSA itself. The agency did not immediately disclose the theft. This withholding of information resulted in the infiltration of the WannaCry ransomware into hundreds of thousands of computers. The damage cost many companies millions of euros.

Where the NSA stayed silent, FireEye immediately took the bull by the horns. It also states that it has so far found no use of its tools. In contrast to those of the American secret services, its programs do not exploit any unknown security gaps (zero-days).

Logically, the FBI has launched an investigation into the attack on the company. While it is difficult to shed light on the motivations of the hackers at this point, “the attack is different from the tens of thousands we have worked on for years. Attackers have adapted their world-class abilities specifically to target and attack FireEye. They are well trained and operated with discipline and focus. They acted clandestinely, using methods beyond the detection tools and various techniques that we had never seen in the past,” adds Kevin Mandia.