Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      South African law is failing gig-economy workers

      12 June 2025

      MultiChoice’s TV empire shrinks – but its ‘side hustles’ are holding strong

      12 June 2025

      MultiChoice is bleeding subscribers

      11 June 2025

      Watch | Lunga Siyo on Telkom’s big growth plans

      11 June 2025
    • World

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025

      Mark Zuckerberg has finally found a use for his metaverse

      30 May 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » Why everyone should be worried by the FireEye hack

    Why everyone should be worried by the FireEye hack

    By Agency Staff10 December 2020
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    Image: Blake Cheek

    Unless you’re an IT guru, or someone whose professional duties include protecting computer networks from cyberattacks, you may not have heard of FireEye, a little Californian company specialising in digital warfare.

    But you should pay attention to what happened to FireEye recently, because it speaks volumes about persistent threats to private and public security — and the high-stakes robberies that plague even the most sophisticated operators.

    FireEye’s CEO, Kevin Mandia, disclosed on Tuesday that his company’s servers had been hacked. Given that FireEye is a go-to enterprise for governments and corporations bloodied by their own hacks, and that rely on FireEye to defend or rescue them by identifying and blocking breaches, Mandia’s disclosure is revealing.

    Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities

    “Based on my 25 years in cybersecurity and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years,” Mandia said. “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”

    Who are these guys?

    While the Federal Bureau of Investigation would attribute the FireEye hack only to an “actor” that seemed to be a “nation state”, reporters with the Washington Post were more specific: It was Russia. And not just any Russians, but a group known as “APT29” or “Cozy Bear”, hackers affiliated with the Kremlin’s intelligence services. Cozy Bear’s pedigree includes past hacks of the US state department and White House during the Obama administration and, perhaps most famously, of the Democratic National Committee’s servers during the 2016 presidential campaign. (Who did the dtate department and the White House recruit to clean up the earlier breaches? FireEye.)

    FireEye said the hackers pilfered its so-called “Red Team” tools. That’s the stuff companies like FireEye use to test vulnerabilities of computer networks to make them more resilient. The tools are meant to mimic a complex assault, and now they’re in the hands of a hostile player. FireEye said the hackers focused primarily on information from its government clients, and it released 300 countermeasures for its customers and the public to use against hacks enabled by the stolen tools. The company also said it hadn’t seen any of its tools used yet for break-ins, and none involved “zero-day” exploits — meaning the malware wasn’t used to sneak into and derail a network before defensive patches could be applied.

    “We do not believe that this theft will greatly advance the attacker’s overall capabilities,” FireEye noted.

    FireEye CEO Kevin Mandia

    Maybe. We won’t really know how attackers might use the goodies they ripped off from FireEye until they start trying. The Cybersecurity & Infrastructure Security Agency, a US federal body that monitors digital security, said the thieves could use FireEye’s tools to “take control of targeted systems”. EternalBlue, a hacking tool the US National Security Agency developed to exploit vulnerabilities in Microsoft’s Windows operating system, got out into the wild after the NSA itself was infiltrated in 2017. Hackers successfully used EternalBlue to attack networks for at least a year after the tool was leaked.

    In addition to the federal government, FireEye’s customers have included the city and county of San Francisco, the University of South Carolina, the Penn State Health Milton S Hershey Medical Centre, Sony and Equifax. The company says it has more than 9 600 customers in 103 countries, including more than 50% of the Forbes Global 2000. It also provides digital protection to more than a thousand government and law enforcement agencies worldwide.

    And if FireEye itself can be hacked, who can’t be? Investors aren’t happy with the company. Its share price has plunged more than 13% since it disclosed the attack.

    FireEye isn’t the first security firm to be breached. RSA Security, the company that makes SecurIDs, was hacked back in 2011

    FireEye presumably had lots of complex malware source code on its servers, and either it was lax about leaving sensitive data connected to a network outsiders could access, or its vaunted security protocols weren’t bulletproof. It’s also possible that the hackers weren’t after FireEye’s Red Team tools or even client data. They may have simply wanted to learn how much confidential information FireEye had in its vaults about the world’s most sophisticated digital marauders — folks like Cozy Bear.

    In a world populated with Cozy Bears there are plenty of potential targets.

    On the prowl

    FireEye isn’t the first security firm to be breached. RSA Security, the company that makes SecurIDs, was hacked back in 2011, for example. Duplicates of RSA’s compromised tokens were used to hack Lockheed Martin, a major defence contractor. This year alone, North Korea and Russia have repeatedly tried to hack the servers of pharmaceutical companies pursuing a Covid-19 vaccine. UK and US cybersecurity agencies accused Cozy Bear in July of trying to hack a number of unidentified groups involved in developing a coronavirus vaccine. Pfizer said on Wednesday that coronavirus vaccine documentation it turned over to Europe’s top drug regulator was hacked in a cyberattack on the agency. The NSA recently warned other administrators of national security and defence systems that they were at risk because Russian hackers were exploiting vulnerabilities in products made by VMware, a software company.

    The lesson in all this may be that no person or entity can avoid being hacked if the forces of well-resourced and deft nation states are on the prowl.

    In the most optimistic scenario, all of us may be permanently mired in a never-ending cat-and-mouse game between digital security guards and hackers. The bleaker scenario is endless cyber warfare among countries such as the US, Russia and China — conflicts that have the power to undermine democracy, upend personal privacy, compromise national security, leave societies awash in misinformation and turn that mobile phone you’re holding into a time bomb.  — By Timothy L. O’Brien, (c) 2020 Bloomberg LP



    FireEye Kevin Mandia NSA RSA Security top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleSouth Africa’s Renergen patents helium-cooled cases for Covid-19 vaccines
    Next Article Barry Hore to step down as Discovery Bank CEO

    Related Posts

    NSA chief accuses China of ‘very aggressive’ hacking strategy

    31 May 2024

    China accuses US of hacking Huawei servers

    20 September 2023

    Likely new NSA boss warns of AI dangers

    21 July 2023
    Company News

    Building a cyber-resilient culture from the boardroom to the front lines

    12 June 2025

    How South Africa’s municipalities are finally getting smart

    12 June 2025

    Ransomware roulette: pay up or power through?

    11 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.