FireEye Inc (NASDAQ: FEYE) stock surged 33.73% on December 18th, 2020 and continued its bullish momentum, rising over 7.6% on December 21st, 2020 (as of 10:06 am GMT-5; source: Google Finance) to a new high, as companies and U.S. agencies seek to find out whether they were hacked, and to what extent, in a large-scale cyber attack. While it is relatively simple for engineers to discover whether the hackers used the vulnerability on a specific network, it takes a lot of work to investigate what they may have done after gaining entry, and companies like FireEye and CrowdStrike are anticipated to get lots of work. The breach was executed through a vulnerability in ubiquitous network-monitoring software from SolarWinds Inc., which hackers believed to be connected to a notorious Russian group used to potentially infiltrate thousands of companies and government agencies. Security-software company FireEye Inc. discovered the breach when one of its own tools suffered because of it; it disclosed its hack last week and informed SolarWinds of the issue on Saturday, according to filings with the Securities and Exchange Commission.
Meanwhile, news of the cyberattack was technically first announced on December 8, when FEYE published a blog post reporting that it had detected an attack on its systems. The attack is said to have been carried out by a nation “with top-tier offensive capabilities”, and “the attacker primarily sought information related to certain government customers.” FEYE also said the methods used by the attackers were novel. Then, on December 13, FEYE said the cyberattack, which it named Campaign UNC2452, was not limited to the company but had targeted various “public and private organizations around the world”. The campaign, which started in March 2020, was ongoing for months. Worse, the extent of data stolen or compromised is still unknown, as the scale of the attack is still being discovered. After systems were compromised, “lateral movement and data theft” took place.
Moreover, this incident is also called a ‘supply chain’ attack because, instead of directly attacking the network of the federal government or a private organization, the hackers targeted a third-party vendor that supplies software to them. In this case, the target was an IT management software product called Orion, which is supplied by the Texas-based company SolarWinds.
In addition, Microsoft has confirmed that it found evidence of the malware on its systems, although it added there was no evidence of “access to production services or customer data”, or that its “systems were used to attack others”.