FireEye Attacked By A Foreign Government

Uploaded on 2020-12-11 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

FireEye has revealed that foreign government hackers, with “world-class capabilities”, broke into its network and stole tools that it uses to test the defenses of its thousands of customers. One of the largest and reputable cyber security companies in the US, FireEye has clients and customers that include US federal, state and local governments as well as major global corporations.

The concern is that these stolen tools could make it much easier for the hackers to launch cyber attacks against unsuspecting and vulnerable organisations anywhere.

The hackers stole what the firm calls "Red Team tools" that it uses to mimic the behavior of many malicious cyber actors and enables it to assess its customers' diagnostic security services.The methods deployed deflected security tools and prevented forensic examination. 

FireEye said. "We're not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, we are proactively releasing methods and means to detect the use of our stolen Rem Team tools."

The hackers “primarily sought information related to certain government customers”, said FireEye’s CEO, Kevin Mandia, in a statement, without naming them. He said there was no indication the hackers got customer information from the company’s consulting or incident-response businesses or threat intelligence data it collects. “I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said, deeming it “different from the tens of thousands of incidents we have responded to throughout the years”.

The hack of FireEye, a company with an array of business contracts across the national security space in the US and among its allies, is among the most significant breaches in recent memory.

It is not clear exactly when the hack initially took place and in addition to the theft of tools, the hackers also appeared to be interested in a subset of FireEye customers: government agencies. “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber-attacks,” Mandia wrote. The company itself has partnered in recent weeks with different software makers to share defensive measures.

As yet , no evidence has been revealed that that FireEye’s hacking tools have been used or that client data was exfiltrated, although the investigation, which includes help from the FBI and Microsoft, is at an early stage.

The stolen computer espionage kit targets a myriad of different vulnerabilities in popular software products. It is not yet clear exactly which systems may be affected.But Mandia wrote that none of the red team tools exploited so-called “zero-day vulnerabilities”, meaning the relevant flaws should already be public. Experts say it can be difficult to measure the impact of a hacking tool leak which focuses on known software vulnerabilities. When a private company becomes aware of a vulnerability in their software product, they often try to offer a “patch” or upgrade that nullifies the issue. Yet users do not always download these patches quickly, leaving themselves exposed for months or weeks.

Mark Warner, the Democratic vice-chairman of the US Senate select committee on intelligence commented that: “The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyber-attacks... We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers. As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”

FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the US that administer elections.The firm was credited with attributing to Russian military hacker’s mid-winter attacks in 2015 and 2016 on Ukraine’s energy grid.

FireEye:        Reuters:          Guardian:           UPI:               Techcrunch:

You Might Also Read:

Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake':

 

« Successful Hack On EU Vaccine Agency
Facebook Could Be Broken Up »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Social-Engineer Inc

Social-Engineer Inc

Social-Engineer is a consulting and training company specializing in the science of social engineering in the context of digital security.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

Checksum Consultancy

Checksum Consultancy

Checksum Consultancy specializes in Information security, Risk management, and IT governance.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

HackHunter

HackHunter

HackHunter’s passive sensor network continuously monitors, detects and alerts when a malicious WiFi network and/or hacking behaviour is identified.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

Start Left™ Security

Start Left™ Security

Start Left™ Security's Tauruseer Platform is the patented data-driven security posture management solution that provides a complete life cycle approach for proactive security in one place. 

Vali Cyber

Vali Cyber

Vali Cyber was founded in 2020 with the mission of addressing the specific cybersecurity needs of Linux.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

KBE Information Security

KBE Information Security

KBE is a global consulting firm, with offices in Toronto and Milan, which specializes in the area of IT and information security with over 20 years of experience.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.