FireEye Hacked – Sophisticated State-Sponsored Hackers Stole FireEye Red Team tools

The world's leading cybersecurity firm, FireEye, was hacked by state-sponsored hackers who stole its Red Team tools, some of which are openly available.

FireEye is one of the leading cybersecurity companies, and its CEO, Kevin Mandia, recently disclosed that the company suffered a severe attack by a threat actor showing all the signs of a state-sponsored hacking group.

This attack is totally different from the tens of thousands of previous incidents the company has responded to throughout the years. Kevin Mandia did not confirm in his report who carried out the attack, but the FBI is investigating the whole incident.

One of the company's most important priorities is to strengthen the security of its customers and the wider community. According to the cybersecurity firm, the attacker was initially seeking data related to specific government customers.

However, it does not appear that any customer data was stolen in the attack. The threat actors primarily looked for information related to the company's government customers.

The attackers also targeted and obtained the firm's Red Team tools. These tools mimic the behavior of many cyber attackers and allow FireEye to provide the necessary security testing services to its customers.

Once the report of the breach was published, FireEye's shares fell 8%.

Hacker showed all the signs of a state-backed threat actor

After learning of the data breach, FireEye examined the attack procedure and the techniques used, which led the experts to believe that it was a state-sponsored attack. The CEO of the firm affirmed that this was a highly sophisticated data breach.

The attackers specifically targeted FireEye's assets and used techniques designed to counter both forensic examination and the security tools that detect malicious activity.

Kevin Mandia asserted that, based on his 25 years in a cybersecurity firm, he has concluded that they are seeing an attack by a nation with top-tier offensive abilities. In one of his statements, Mandia said that the attack was different from the tens of thousands of events and conflicts they have responded to throughout the years.

The experts also stated that the threat actors used a novel combination of techniques that the firm and its partners were witnessing for the first time.

Hackers stole FireEye Red Team tools

The investigation made clear that the attackers targeted and accessed some Red Team assessment tools that were used to test customers' security. However, not a single one of these tools contains zero-day exploits.

The stolen tools range from simple scripts used for automating surveillance to complete frameworks that are related to openly available technologies like CobaltStrike and Metasploit.

Govt. customers’ data also targeted

The threat actors also tried to collect data on government customers and gain access to some FireEye internal systems. However, the investigation found no evidence that the attacker exfiltrated data from the primary systems.

These systems hold customer information from incident response or consulting engagements, as well as the metadata accumulated by the products in the dynamic threat intelligence systems.

Measures taken by FireEye

The measures taken by FireEye are listed below:

  • They have prepared countermeasures that can detect or block the use of the stolen Red Team tools.
  • They have also implemented some countermeasures in their security products.
  • The experts are sharing these countermeasures with their colleagues in the security community so that they can update their security tools.
  • The experts are working to make all these countermeasures publicly available in their blog post, “Unauthorized Access of FireEye Red Team Tools.”
  • They will continue to share and refine any further mitigations for the Red Team tools as they become available, both publicly and directly with their security partners.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.