The Limited Times

"It can happen to the best" or why hacker hunters have been hacked

2020-12-09T22:42:45.868Z


US cybersecurity firm FireEye was the victim of a sophisticated attack it blames on a state-sponsored group.


The hunter has become the prey.

The American computer security company FireEye was the victim of a targeted cyber attack which turned into a burglary.

"We were recently attacked by a very sophisticated intruder, whose discipline, operational security and techniques lead us to believe it was a state-sponsored attack," writes the California group in a blog post.

Beyond the irony of the situation, this specialist in cybersecurity for companies and governments, recognized and esteemed by its competitors, lost in the operation its Red Team kits, the IT tools its audit experts use to test the defenses of its clients and advise them.

Stolen intrusion tools

"The attackers took a toolbox which provides all the software useful for automating attacks in order to gain a foothold in a computer system," says a French expert in this sector, where commenting on the woes of competitors is frowned upon.

"These intrusion kits exploit vulnerabilities that are already well documented, but this can allow hackers to save time in their intrusions on tedious techniques such as extracting passwords," stresses this specialist, who has already used FireEye's tools.

"Fortunately, this software leaves traces, 'signatures', which FireEye had the good idea to publish after the theft so that they can be detected by security systems and rendered ineffective," he says.

This heavyweight in the cyber industry, which has several CAC 40 companies as clients, was quick to point out the responsibility of a seasoned group employed by a cyberespionage service.

“Based on my 25 years of cybersecurity experience, I concluded that we are witnessing an attack commanded by a nation with high-level offensive capabilities,” said Kevin Mandia, group leader.

The FBI dispatched as reinforcements

"Blaming state-aided attackers in most cases clears their failure, but FireEye is more than credible because they are familiar with sophisticated attacks. This can happen to the best," explains our expert.

In his immediate analysis, he indicates that the hackers operated "clandestinely, using methods that thwart security tools and leave no traces".

The hacker hunter even claims "never to have encountered such technical combinations in the past".

This observation is shared by the FBI and the software giant Microsoft, both called in to assist.

In a statement Tuesday, the US Cybersecurity Agency, CISA, also immediately indicated that the intrusion came "from a very sophisticated threat actor."

According to FireEye, the hackers primarily sought information relating to government clients, which is consistent with the purpose of cyber espionage on the part of nation states.

Whether or not the stolen tools appear on a dark web resale platform should also provide information on the intended purpose.

The "usual suspects"

Often singled out, Russian hacker groups figure prominently on the list of “usual suspects”.

In recent years, FireEye had also spotted the work of elite North Korean hackers behind a wave of cyberattacks against banks.

A year ago, its analysts also warned of the increased activity of a group of hackers linked to Iran.

Attribution of a cyberattack is always a complicated process, and in any case the blows struck in cyberspace land out of sight.

Source: leparis
