Security Market Segment LS
Wednesday, 16 December 2020 12:11

When did FireEye know its defences had been breached? Featured

When did FireEye know its defences had been breached? Image by succo from Pixabay

ANALYSIS When did American cyber security firm FireEye become aware that it had been compromised and its crown jewels — its Red Team tools — stolen?

The company announced the theft on 8 December AEDT, but even yesterday (Tuesday) had no comment to offer as to when it became aware of the compromise.

An inquiry from iTWire merited this response from a FireEye spokeswoman on Tuesday: "This is an active investigation and we are not releasing a breakdown of the timeline."

Tech industry sources have told iTWire that rumours about a break-in at FireEye have been floating around at least since 30 October.

Additionally, a Danish firm, CSIS Cyber, says FireEye was informed about intrusions into a number of its internal systems by the Trickbot trojan, again as early as October.

CSIS Cyber's Peter Kruse tweeted: "We at @csis_cyber have notified @ FireEye about several compromised internal machines as well as clients logging into their services happening up until October 2020. All popped by #trickbot and one likely sold in December 2019."

FireEye has also been accused of having poor security for its Internet-facing infrastructure; the claim was made by Andy Jenkinson, chief executive of UK-based Cybersec Innovation Partners, a company that does PKI discovery and also claims to be "management experts for all Internet-facing and internal security".

The game has been given away to some extent by a detailed study, the results of which FireEye released on Monday AEDT. No less than 43 of its staff were named as being involved in that research – plus three more from Microsoft.

Such an exercise could not have been done overnight and not even in a week or two. It would have taken months of painstaking and irritating work, especially since the company could not afford to put a foot wrong as its reputation was at stake.

So was FireEye continuing to sell its services to other companies after it was breached, without informing them about the breach? That is the $64 million question.

Given that it is a publicly listed firm, FireEye had no option but to come out and make a statement about the goings-on within its network. Additionally, given the profile that it has built up for itself, it would have been conscious that it could not indulge in braggadocio as it has often done in the past.

It must have taken a great deal of control on the part of chief executive Kevin Mandia — normally a man given to much flamboyance and announcements about attribution at the drop of a hat — to provide a restrained account and eat crow in public.

But he will be able to draw the curtain on this episode only after he comes out in the open and tells world+dog when his firm was breached, accepts responsibility — no matter what software was used to breach FireEye's defences, the security firm is supposed to be the guardian, not the exploited — and apologises to all and sundry.

The CEO generally takes the rap when things go bad at a company. Mandia would do well to bear that in mind – and also the thought that there are likely to be several other well-qualified techies waiting in the wings, and salivating at the thought of heading FireEye themselves.

Read 2581 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News