FireEye, a California-based cybersec outfit that’s made a name for itself investigating attacks on high-profile clients, including JP Morgan Chase and Sony, said in a statement on Tuesday that it was recently hit by a major attack, noting that its own “Red Team” hacking tools were stolen in the breach.
“A Red Team is a group of security professionals authorized and organized to mimic a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture,” the company said, adding that while the attackers grabbed tools ranging from “simple scripts” to “entire frameworks,” many of the techniques were already publicly available.
The firm did not state exactly when the attack took place, and refrained from attributing the breach to any particular actor; however, company CEO Kevin Mandia noted in a separate statement that it appeared to be carried out by “a nation with top-tier offensive capabilities.”
“Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers,” Mandia said. “While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information.”
The CEO also observed that, to date, there is no indication any of the stolen tools have been used in further attacks.
Though FireEye’s top cyber experts offered no idea as to who might be behind the data theft, corporate media outlets knew better, immediately declaring shadowy Russian agents as the top suspects. In a story on the breach, a Washington Post headline stated: “Spies with Russia’s foreign intelligence service believed to have hacked a top American cybersecurity firm.” The outlet cites nameless “people familiar with the matter,” offering no detail beyond the assertion itself.
The New York Times, meanwhile, declined to name any country in its headline, only mentioning Russia in a subheading, claiming the attack was “almost certainly” carried out by that nation. Exactly how the newspaper came to that conclusion was left unstated, however, as its story makes a single mention of “evidence” supporting Russian involvement but never elaborates. The Times also noted that the FBI has been alerted to the attack and “turned the case over to its Russia specialists,” but left that claim entirely unsourced.
Another report by Reuters stopped short of directly attributing the hack and confined discussion of Russian responsibility to one paragraph, citing an anonymous former Pentagon official who said that Moscow was “high on the early list of suspects.”
The FireEye breach is far from the first time American media outlets rushed headlong to declare, free of evidence, Russian involvement in a high-profile hack. In October, a warning from the FBI and a number of other federal agencies about an “imminent cyber crime threat” to US hospitals prompted a flurry of articles proclaiming Russia as the potential perpetrator, despite the agencies saying nothing about the identity of the would-be hackers.
Similar allegations have proliferated in the western press since the 2016 US presidential election, beginning with the campaign of Hillary Clinton, which first claimed a Kremlin hacking operation to steal the failed Democratic candidate’s emails. While the US intelligence community later bolstered that narrative, the FBI never took hold of the servers in question, instead relying on information provided by the Democratic National Committee’s own cyber firm, CrowdStrike, whose president acknowledged in 2017 that “there’s no evidence that [the emails] were actually exfiltrated” from the server.