No one is exempt from suffering a cyber attack. Neither are the very companies that are dedicated to protecting from these incidents. The American cybersecurity firm FireEye has reported being the victim of a cybersecurity attack on its systems caused by a state agent. Specifically, the company has called the incident an "attack by a nation with first-rate offensive capabilities."
This is explained in a post published on his website and signed by FireEye CEO Kevin Mandia, who adds that "he has used a novel combination of techniques that we and our partners had not seen in the past."
The company is a provider of Red Team tools, whose mission is, basically, to simulate attacks directed against the organization itself to check its defensive capabilities and find vulnerabilities.
In this sense, FireEye explains that state agents were looking for precisely those tools. This is a serious problem, since the use of these tools could allow attackers to hide their own tracks when launching cyberattacks with them.
Publication of countermeasures
"We are not sure if the attacker intends to use our tools or disclose them publicly," said the CEO of the company. As a precaution, they have developed more than 300 countermeasures for their customers and the wider community to use to minimize the potential impact of the theft of these tools.
That is why FireEye has made these Red Team tool countermeasures available to the public through GitHub to prevent them from being used illicitly. As Mandia explains, "we are proactively launching methods and means to detect the use of our stolen Red Team tools."
The security firm has made the incident known to the FBI, who has confirmed that the attack was the work of a state actor, without specifying which one. The New York Times has pointed to the Russian intelligence agency as the perpetrator of the cyber attack, although no evidence of this has been given.
Actors State
Whatever the end goal of cyber attackers, cyberspace is a key terrain for obtaining information and intelligence. There are many cyber espionage operations that are carried out, and it is not the first time that something like this has happened, nor will it be the last.
The so-called "State actors" have been acting in cyberspace in various fields and with different objectives. Among them cyberwar, influence operations or cyber espionage. Precisely this was highlighted in the latest CCN-CERT Cyber Threats and Trends Report, which highlights as one of the main trends the "increase in actions linked to State actors in the field of influence, propaganda and disinformation operations."
In the cyber espionage environment, States pose a significant threat, precisely due to their greater capacities and resources that they can count on.