Neither Mandia nor a FireEye spokeswoman
said when the company detected the hack or
who might be responsible. But many in the
cybersecurity community suspect Russia.
“I do think what we know of the operation
is consistent with a Russian state actor,” said
former NSA hacker Jake Williams, president
of Rendition Infosec. “Whether or not
customer data was accessed, it’s still a big win
for Russia.”
FireEye’s Mandia said he had concluded that “a
nation with top-tier offensive capabilities” was
behind the attack.
The stolen “red team” tools — which amount
to real-world malware — could be dangerous
in the wrong hands. FireEye said there’s no
indication they have been used maliciously.
But cybersecurity experts say sophisticated
nation-state hackers could modify them and
wield them in the future against government or
industry targets.
The hack was the biggest blow to the U.S.
cybersecurity community since a mysterious
group known as the “Shadow Brokers” in 2016
released a trove of high-level hacking tools
stolen from the National Security Agency. The
U.S. believes North Korea and Russia capitalized
on the stolen tools to unleash devastating
global cyberattacks.
The nation’s Cybersecurity and Infrastructure
Security Agency warned that “unauthorized
third-party users” could similarly abuse FireEye’s
stolen red-team tools.
Milpitas, California-based FireEye, which is
publicly traded, said in Tuesday’s statement
that it had developed 300 countermeasures to