FireEye Attacked By A Foreign Government

FireEye has revealed that foreign government hackers with “world-class capabilities” broke into its network and stole tools that it uses to test the defenses of its thousands of customers. One of the largest and most reputable cyber security companies in the US, FireEye has clients and customers that include US federal, state and local governments as well as major global corporations.

The concern is that these stolen tools could make it much easier for the hackers to launch cyber attacks against unsuspecting and vulnerable organisations anywhere.

The hackers stole what the firm calls "Red Team tools", which it uses to mimic the behavior of many malicious cyber actors and which enable it to assess its customers' diagnostic security services. The methods deployed deflected security tools and prevented forensic examination.

FireEye said: "We're not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, we are proactively releasing methods and means to detect the use of our stolen Red Team tools."

The hackers “primarily sought information related to certain government customers”, said FireEye’s CEO, Kevin Mandia, in a statement, without naming them. He said there was no indication the hackers got customer information from the company’s consulting or incident-response businesses or threat intelligence data it collects. “I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said, deeming it “different from the tens of thousands of incidents we have responded to throughout the years”.

The hack of FireEye, a company with an array of business contracts across the national security space in the US and among its allies, is among the most significant breaches in recent memory.

It is not clear exactly when the hack initially took place. In addition to the theft of tools, the hackers also appeared to be interested in a subset of FireEye customers: government agencies. “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber-attacks,” Mandia wrote. The company itself has partnered in recent weeks with different software makers to share defensive measures.

As yet, no evidence has been revealed that FireEye’s hacking tools have been used or that client data was exfiltrated, although the investigation, which includes help from the FBI and Microsoft, is at an early stage.

The stolen computer espionage kit targets a myriad of different vulnerabilities in popular software products. It is not yet clear exactly which systems may be affected. But Mandia wrote that none of the red team tools exploited so-called “zero-day vulnerabilities”, meaning the relevant flaws should already be public. Experts say it can be difficult to measure the impact of a hacking tool leak which focuses on known software vulnerabilities. When a private company becomes aware of a vulnerability in its software product, it often tries to offer a “patch” or upgrade that nullifies the issue. Yet users do not always download these patches quickly, leaving themselves exposed for months or weeks.

Mark Warner, the Democratic vice-chairman of the US Senate select committee on intelligence, commented: “The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyber-attacks... We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers. As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”

FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the US that administer elections. The firm was credited with attributing the mid-winter attacks in 2015 and 2016 on Ukraine’s energy grid to Russian military hackers.

Sources: FireEye, Reuters, Guardian, UPI, Techcrunch
