The Aftermath of the FireEye Hack Makes Clear the Importance of a Quick Response to any Breach
January 21, 2021
By: Kristin Warner
Last month, cybersecurity firm FireEye, Inc. disclosed that it had been hacked. This was no ordinary intrusion conducted merely to gain access to customer data; the target was much more focused. The attackers, widely believed to be affiliated with Russian intelligence agencies, stole FireEye's own "red team" tool kit, a set of roughly 300 proprietary tools the firm uses to simulate real-world attacks against its clients' networks. A very important part of FireEye's business has been helping identify the perpetrators of some of the largest data breaches in history. Notably, it was involved in the aftermath of the infamous Sony and Equifax breaches, and it assisted the State Department and other American government agencies in dealing with the 2015 breach by Russian hackers.
This is not the first time a hack of this nature has occurred. In 2016, a still-anonymous group calling itself the Shadow Brokers made off with a cache of the National Security Agency's hacking tools and released them publicly over the course of several months. That theft proved devastating: the leaked tools, most notably the EternalBlue exploit, were reused in the WannaCry and NotPetya attacks, which have been attributed to North Korea and Russia respectively, and the resulting damages are estimated in the billions of dollars.
While investigating its own hack, FireEye traced the intrusion to a product made by one of its own software vendors, SolarWinds Corp. This was not a vulnerability in the ordinary sense of a coding mistake. The same hackers are believed to have compromised SolarWinds' software build process and inserted a backdoor into the company's Orion network-management platform, so that the malicious code was delivered to SolarWinds customers as part of a legitimately signed, routine software update. At least 25 entities have been identified as victims of the attack so far, though SolarWinds has acknowledged that fewer than 18,000 customers may have installed the compromised update.
Using the SolarWinds backdoor, the hackers infiltrated the U.S. Departments of the Treasury, State and Commerce, the National Institutes of Health and the Department of Homeland Security. Homeland Security's own Cybersecurity and Infrastructure Security Agency (CISA) went so far as to issue an emergency directive (Emergency Directive 21-01) ordering federal civilian agencies to immediately disconnect or power down the affected SolarWinds Orion products on their networks.
Because the investigation is ongoing, the full extent of the damage is not yet clear. The personal information of millions of Americans is stored on federal government networks, and it is not yet known whether that data has been compromised. It is also reported that most Fortune 500 companies use SolarWinds' very popular network-management software, so the effects of this breach could be among the widest reaching in history. We will continue to provide updates as they are made known.