An investigation into the hacking of a cyber-security company appears to have revealed a global intrusion campaign affecting US government networks, among other targets. FireEye – one of the world’s largest cyber-security companies – announced on 8 December that it had been the victim of an intrusion by a “nation with top-tier offensive capabilities”. On the company’s blog, Chief Executive Officer Kevin Mandia stated that the attackers had “used a novel combination of techniques not witnessed by us or our partners in the past”.
The FireEye corporate logo is shown on a smartphone on 7 July 2020. FireEye was the subject of a sophisticated cyber intrusion that subsequently revealed operations against US government entities, among others. (Rafael Henrique/SOPA Images/LightRocket via Getty Images)
On 13 December, FireEye released an update, stating that it was tracking a broader campaign that had begun in early 2020. According to FireEye, the actor behind the attack had the ability to insert malicious code into legitimate updates for a widely used network management platform called Orion. Supply-chain attacks of this kind pose a severe threat because they exploit a trusted relationship. FireEye stated that the attacks themselves were not automated, but instead required “meticulous planning and manual interaction”.
SolarWinds, the company that produces Orion, released an advisory noting that its software had been the target of a “highly sophisticated, manual supply chain attack”. SolarWinds CEO Kevin Thompson stated that the company was “acting in close coordination with FireEye” and the US intelligence community to investigate. The United States’ Department of Homeland Security issued an advisory about the compromise of the Orion code, recommending “[d]isconnecting affected devices”.
Looking to read the full article?
Gain unlimited access to Janes news and more...