The latest victim of state-sponsored hacking attack is FireEye, one of the largest cybersecurity firms in the United States. According to FireEye, the attack caused the theft of its internal tools that is used to conduct penetration testing for other companies.
Kevin Mandia, the CEO of FireEye said in a blog post regarding the incident that they were recently attacked by a highly sophisticated threat actor, one whose discipline, operational security and techniques led them to believe that it was a state-sponsored attack.
Mandia said that this attack is different from the other incidents that the company have responded to in the past years. However, Mandia did not mention when the attack happened.
FireEye has numerous clients in the national security space both in the United States and other countries. After the disclosure, the Cybersecurity and Infrastructure Security Agency or CISA published a bulletin that advised cybersecurity specialists to be vigilant and to start investigation the incident.
The company noted that none of the stolen tools have zero-day exploits, that is a vulnerability that does not have a proper fix yet. There is also no concrete evidence to suggest that the tools have been used in the wild or that whoever was the mastermind of the attack was able to get any client information.
In order to be safe and prepared, FireEye has shared countermeasures that can help detect or block the use of the company's stolen tools. Those countermeasures are available on GitHub. FireEye are currently working with Microsoft and the FBI to investigate what exactly happened.
Mandia added that they are not sure of the attacker wants to use their Red Team tools or to just publicly disclose them. There are no other information given about the incident and there is no development yet.
The possible hackers
According to The Washington Post, APT29 or Cozy Bear, a hacker group that is said to be linked with Russia's Foreign Intelligence Service, could be behind the attack. Cozy Bear is the same group that hacked the servers of the Democratic National Committee in 2016 before the presidential election.
A Microsoft spokesperson said that the incident with FireEye shows why the security industry must work together in order to defend against and respond to threats that are posed by well-funded adversaries using sophisticated and well-thought attack techniques.
According to The New York Times, this is the largest known theft of cybersecurity tools since the group The Shadow Brokers hacked onto the system of the National Security Agency.
The attack formed WannaCry, a ransomware attack that happened in 2017 and was used by Russia and North Korea to conduct attacks on businesses, hospitals and other organizations.
The ransomware cryptoworm targeted computers using the Microsoft Windows operating system. It encrypted the data and demanded ransom payments in the Bitcoin cryptocurrency and threatened to release personal information if not paid.
The attack was put on hold a few days after its discovery because of the emergency patches that was released by Microsoft and after a kill switch was used and prevented infected computers from spreading the ransomware further.
The attack have affected more than 200,000 computers across 150 countries. The total damages is estimated to be billions of dollars.
This article is owned by Tech Times
Written by Sieeka Khan