FireEye Attacked By A Foreign Government

FireEye has revealed that foreign government hackers, with “world-class capabilities”, broke into its network and stole tools that it uses to test the defenses of its thousands of customers. One of the largest and most reputable cyber security companies in the US, FireEye has clients and customers that include US federal, state and local governments as well as major global corporations.

The concern is that these stolen tools could make it much easier for the hackers to launch cyber attacks against unsuspecting and vulnerable organisations anywhere.

The hackers stole what the firm calls "Red Team tools", which it uses to mimic the behavior of many malicious cyber actors and to assess the security of its customers' systems. The methods the attackers used evaded security tools and hindered forensic examination.

FireEye said: "We're not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, we are proactively releasing methods and means to detect the use of our stolen Red Team tools."

The hackers “primarily sought information related to certain government customers”, said FireEye’s CEO, Kevin Mandia, in a statement, without naming them. He said there was no indication the hackers got customer information from the company’s consulting or incident-response businesses or threat intelligence data it collects. “I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said, deeming it “different from the tens of thousands of incidents we have responded to throughout the years”.

The hack of FireEye, a company with an array of business contracts across the national security space in the US and among its allies, is among the most significant breaches in recent memory.

It is not clear exactly when the hack initially took place. In addition to the theft of tools, the hackers also appeared to be interested in a subset of FireEye customers: government agencies. “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber-attacks,” Mandia wrote. The company itself has partnered in recent weeks with different software makers to share defensive measures.

As yet, no evidence has been revealed that FireEye’s hacking tools have been used or that client data was exfiltrated, although the investigation, which includes help from the FBI and Microsoft, is at an early stage.

The stolen computer espionage kit targets a myriad of different vulnerabilities in popular software products. It is not yet clear exactly which systems may be affected. But Mandia wrote that none of the red team tools exploited so-called “zero-day vulnerabilities”, meaning the relevant flaws should already be public. Experts say it can be difficult to measure the impact of a hacking tool leak which focuses on known software vulnerabilities. When a private company becomes aware of a vulnerability in its software product, it often tries to offer a “patch” or upgrade that nullifies the issue. Yet users do not always install these patches quickly, leaving themselves exposed for weeks or months.

Mark Warner, the Democratic vice-chairman of the US Senate select committee on intelligence commented that: “The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyber-attacks... We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers. As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”

FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the US that administer elections. The firm was credited with attributing to Russian military hackers the mid-winter attacks in 2015 and 2016 on Ukraine’s energy grid.

Sources: FireEye, Reuters, Guardian, UPI, Techcrunch
