Leading cybersecurity firm FireEye said on Tuesday that it had fallen victim to the type of security breach it typically helps other companies and government agencies defend themselves against, and that the culprit was a highly sophisticated nation-state with “top-tier offensive capabilities” that rhymes with Frussia.
In a blog post, FireEye CEO Kevin Mandia said that the hackers had used “novel techniques” to lift the company’s own tool kit in an attack that was “different from the tens of thousands of incidents we have responded to throughout the years.”
Although Mandia did not explicitly name a suspect in the blog post, there’s good reason to think that Russian intelligence agencies masterminded the attack. Exhibit A: The F.B.I. has reportedly turned the case over to its Russia specialists. Exhibit B: The attack appears to have been orchestrated to take place while the U.S.-based cybersecurity firm was preoccupied with ensuring the integrity of the American general election — something the Russians know a thing or two about exploiting.
Matt Gorham, assistant director of the F.B.I. Cyber Division, refused to confirm to the New York Times whether Russia was a top suspect in the attack, saying only that the agency was investigating the incident as the work of an “actor with a high level of sophistication consistent with a nation-state.”
FireEye, worth $3.5 billion, is notoriously the go-to cybersecurity detective agency for the world’s most high-profile data breaches, with companies like Sony and Equifax among its top clients.
If Russia is indeed behind the attacks, the breach could be a retaliatory strike against an investigative arm that has long pinpointed that country’s military intelligence as the main aggressor behind high-profile security attacks around the world. The fact that hackers specifically targeted FireEye’s so-called “Red Team” kits — sophisticated digital tools used to probe vulnerabilities in a client’s system — suggests that the aggressor could plan to utilize those tools to exploit future victims’ systems.
In an effort to prevent its own tools from being used against its clients, FireEye published several key elements of the “Red Team” tools so that potential attackers wielding the technology would be easier to spot.