US cybersecurity company FireEye HACKED, blames breach on ‘nation state’ as media cry ‘Russian hackers’... because who else?

9 Dec, 2020 03:00 / Updated 4 years ago

A preeminent US cybersecurity firm said it fell victim to an attack launched by a “highly sophisticated state-sponsored adversary.” Though it declined to name a culprit, media outlets have rushed to pin the breach on Moscow.

FireEye, a California-based cybersec outfit that’s made a name for itself investigating attacks on high-profile clients, including JP Morgan Chase and Sony, said it was recently hit by a major attack in a statement on Tuesday, noting that its own “Red Team” hacking tools were stolen in the breach.

“A Red Team is a group of security professionals authorized and organized to mimic a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture,” the company said, adding that while the attackers grabbed tools ranging from “simple scripts” to “entire frameworks,” many of the techniques were already publicly available.

The firm did not state exactly when the attack took place, and refrained from attributing the breach to any particular actor; however, company CEO Kevin Mandia noted in a separate statement that it appeared to be carried out by “a nation with top-tier offensive capabilities.”

“Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers,” Mandia said. “While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information.”

The CEO also observed that, to date, there is no indication any of the stolen tools have been used in further attacks.

Though FireEye’s top cyber experts offered no idea as to who might be behind the data theft, corporate media outlets knew better, immediately declaring shadowy Russian agents as the top suspects. In a story on the breach, a Washington Post headline stated: “Spies with Russia’s foreign intelligence service believed to have hacked a top American cybersecurity firm.” The outlet cites nameless “people familiar with the matter,” offering no detail beyond the assertion itself.

The New York Times, meanwhile, declined to name any country in its headline, only mentioning Russia in a subheading, claiming the attack was “almost certainly” carried out by that nation. Exactly how the newspaper came to that conclusion was left unstated, however, as its story makes a single mention of “evidence” supporting Russian involvement but never elaborates. The Times also noted that the FBI has been alerted to the attack and “turned the case over to its Russia specialists,” but left that claim entirely unsourced.

Another report by Reuters stopped short of directly attributing the hack and confined discussion of Russian responsibility to one paragraph, citing an anonymous former Pentagon official who said that Moscow was “high on the early list of suspects.”

The FireEye breach is far from the first time American media outlets rushed headlong to declare, free of evidence, Russian involvement in a high-profile hack. In October, a warning from the FBI and a number of other federal agencies about an “imminent cyber crime threat” to US hospitals prompted a flurry of articles proclaiming Russia as the potential perpetrator, despite the agencies saying nothing about the identity of the would-be hackers.

Similar allegations have proliferated in the western press since the 2016 US presidential election, beginning with the campaign of Hillary Clinton, which first claimed a Kremlin hacking operation to steal the failed Democratic candidate’s emails. While the US intelligence community later bolstered that narrative, the FBI never took hold of the servers in question, instead relying on information provided by the Democratic National Committee’s own cyber firm, CrowdStrike, whose president acknowledged in 2017 that “there’s no evidence that [the emails] were actually exfiltrated” from the server.
