FireEye, you are in so much trouble!

Introduction

On 8th December 2020, FireEye disclosed that they had been hacked, that the hackers got away with their red teaming tools, and that they have no idea who was behind the attack.

When all efforts to identify the probable attacker fail, it easily becomes an act perpetrated by “state-backed hackers.”

In his blog post, FireEye CEO Kevin Mandia says:

“Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”

Today, 9 Dec 2020, it was revealed that the APT behind this attack was Cozy Bear, which is sponsored by the Russian state; it is unclear if it is SVR or FSB.

One thing that surprises me is that if the perpetrators were so “advanced” why did they need…
