Top cybersecurity firm FireEye says it was hacked by a nation-state


WASHINGTON – Over the years, cybersecurity firm FireEye has been the first call for government agencies and companies around the world that have been hacked or intimidated by highly sophisticated attackers.

Now it looks like the hackers – in this case, the evidence pointed to Russia’s intelligence agencies – will take their revenge.

FireEye announced Tuesday that its own systems had been pierced by what it called “a nation with top-tier offensive capabilities.” The company said the hackers used “novel techniques” to steal its own tool kit, which could be useful in launching new attacks around the world.

It was a spectacular burglary, resembling a bank robbery that turned out to be a local vault and turned into an FBI investigation. In fact, FireEye said on Tuesday that it had called the FBI shortly after the stock market closed.

The billion-dollar company, which has included some of the world’s most discouraged breaches – including Sony and Equifax – among its customers, declined to say who was responsible. But its description, and the fact that the FBI turned the case over to its Russian experts, who the lead suspects were and the company “Red Team Tools.”

These are essentially digital tools that mimic the most sophisticated hacking tools in the world. FireEye uses the tools – with the approval of the client company or government agency – to detect vulnerabilities in their systems. Most of the tools in the digital vault are closely guarded by FireEye.

It is more likely that Russian intelligence agencies saw an advantage in escalating the attack while American attention – including FireEye’s – was focused on securing the presidential election system. At a time when the country’s public and private intelligence systems are investigating breaches of voter registration systems or voting machines, it would be a good time for Russian agencies involved in the 2011 election fraud to turn an eye to other targets.

The hack was the biggest known theft of cybersecurity tools since those of the National Security Agency were stolen in 2016 by a still unknown group called ShadowBrokers. The group dumped the NSA’s hacking tools online for months, handing over “keys to the digital kingdom” to nation-states and hackers, as a former NSA operator put it. North Korea and Russia eventually used the NSA’s stolen weapons in destructive attacks at a cost of $10 billion to government agencies, hospitals and the world’s largest conglomerate.

The NSA’s tools are more useful than FireEye’s, since the U.S. government makes purpose-built digital weapons. FireEye’s Red Team tools are essentially made from malware that the company has seen used in many attacks.

However, the advantage of using stolen weapons is that nation-states can hide their own tracks when they attack.

Patrick Wardle, a former NSA hacker and chief security researcher at software company Jamf, said hackers could take advantage of FireEye’s tools to hack high-profile targets with risk and profitability. “In hazardous environments, you don’t want to burn your best equipment, so this gives advanced opponents a way to use someone else’s equipment without burning their best abilities.”

A Chinese state-sponsored hacking group was previously caught in attacks around the world using NSA hacking tools, apparently after discovering NSA tools on its own systems. “It’s like a brain,” Mr. Wardle said.

This breach is likely to be a black eye for FireEye. Its investigators worked with Sony after the catastrophic attack in 2014, which the firm later attributed to North Korea. FireEye was called in after the State Department and other U.S. government agencies were breached by Russian hackers in 2015. And its larger corporate clients include Equifax, a credit monitoring service that was hacked three years ago, affecting nearly half of the American population.

In the FireEye attack, the hackers went to extraordinary lengths to avoid being seen. They created thousands of Internet Protocol addresses – many within the United States – that had never been used in an attack before. By using those addresses to stage their attack, the hackers were able to better hide their whereabouts.

“This attack is different from the tens of thousands of incidents we’ve had over the years,” said Kevin Mandia, FireEye’s chief executive. (He was the founder of Mandiant, a firm acquired by FireEye in 2014.)

But FireEye said it is still investigating how hackers breached its most secure systems. The details were thin.

Mr. Mandia, a former Air Force intelligence officer, said the attackers had “specialized their world-class capabilities to target and attack FireEye.” He said they were found to be highly trained in “operational security” and displayed “discipline and attention” as they proceeded mysteriously, hiding from security equipment and forensic examination. Google, Microsoft and other companies that do cybersecurity investigations say they have never seen some of these technologies.

FireEye also released key components of its “Red Team” tools so that others around the world would see the attacks coming.

U.S. investigators are trying to determine if the attack has anything to do with another sophisticated operation that the NSA said Russia was behind in a warning issued Monday. It involves a type of software, called VM for virtual machines, which is widely used by defense companies and manufacturers. The NSA declined to say what the targets were. It is unclear whether the Russians used their success in that breach to gain access to FireEye’s systems.

An attack on FireEye can be that kind of revenge. The company’s investigators have repeatedly called out hackers from Russian military intelligence – GRU, SVR and FSB, the successor to the Soviet-era KGB – for high-profile hacks on power grids in Ukraine and on American municipalities. Were, the very last step before provoking the explosion.

“The Russians believe in revenge,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “Suddenly, FireEye’s customers are sensitive.”

On Tuesday, Russia’s national organization for international information security held a forum with global security experts, where Russian officials reiterated that there was no evidence that its hackers were responsible for the attack, which resulted in American sanctions and allegations.

Security companies are becoming a frequent target for nation-states and hackers, as their devices maintain a deeper level of access to corporate and government customers around the world. By hacking into those tools and stealing source code, spies and hackers can infiltrate victims’ systems.