Date: 2020-12-08

The $3.5 billion company, which partly makes its living identifying the culprits of some of the world’s most daring breaches – its clients have included Sony and Equifax – declined to say explicitly who was responsible. But its description, and the fact that the FBI turned the matter over to its Russian specialists, leave little doubt as to the identity of the main suspects and that they were looking for what the company calls “Red Team tools”.

These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools – with permission from a corporate client or a government agency – to check for vulnerabilities in their systems. Most of the tools are kept in a digital safe that FireEye closely monitors.

The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while US attention – including that of FireEye – was focused on securing the presidential election system. As the country’s public and private intelligence systems tracked down breaches of voter registration systems or voting machines, the time may have come for Russian agencies, implicated in the 2016 election breaches, to turn to other targets.

The hack was the largest known theft of cybersecurity tools since those of the National Security Agency were stolen in 2016 by a still unidentified group that calls itself the Shadow Brokers. This group dumped the NSA’s hacking tools online over several months, giving nation states and hackers the “keys to the digital realm,” as a former NSA operator put it. North Korea and Russia ultimately used the stolen NSA weapons in destructive attacks on government agencies, hospitals and the world’s largest conglomerates – at a cost of more than $10 billion.

The NSA’s tools were probably more useful than FireEye’s, since the US government builds specially designed digital weapons. FireEye’s Red Team tools are essentially built from malware the company has seen used in a wide variety of attacks.