FireEye Attacked By A Foreign Government

Uploaded on 2020-12-11 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW

FireEye has revealed that foreign government hackers, with “world-class capabilities”, broke into its network and stole tools that it uses to test the defenses of its thousands of customers. One of the largest and reputable cyber security companies in the US, FireEye has clients and customers that include US federal, state and local governments as well as major global corporations.

The concern is that these stolen tools could make it much easier for the hackers to launch cyber attacks against unsuspecting and vulnerable organisations anywhere.

The hackers stole what the firm calls "Red Team tools" that it uses to mimic the behavior of many malicious cyber actors and enables it to assess its customers' diagnostic security services.The methods deployed deflected security tools and prevented forensic examination. 

FireEye said. "We're not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, we are proactively releasing methods and means to detect the use of our stolen Rem Team tools."

The hackers “primarily sought information related to certain government customers”, said FireEye’s CEO, Kevin Mandia, in a statement, without naming them. He said there was no indication the hackers got customer information from the company’s consulting or incident-response businesses or threat intelligence data it collects. “I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said, deeming it “different from the tens of thousands of incidents we have responded to throughout the years”.

The hack of FireEye, a company with an array of business contracts across the national security space in the US and among its allies, is among the most significant breaches in recent memory.

It is not clear exactly when the hack initially took place and in addition to the theft of tools, the hackers also appeared to be interested in a subset of FireEye customers: government agencies. “We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber-attacks,” Mandia wrote. The company itself has partnered in recent weeks with different software makers to share defensive measures.

As yet , no evidence has been revealed that that FireEye’s hacking tools have been used or that client data was exfiltrated, although the investigation, which includes help from the FBI and Microsoft, is at an early stage.

The stolen computer espionage kit targets a myriad of different vulnerabilities in popular software products. It is not yet clear exactly which systems may be affected.But Mandia wrote that none of the red team tools exploited so-called “zero-day vulnerabilities”, meaning the relevant flaws should already be public. Experts say it can be difficult to measure the impact of a hacking tool leak which focuses on known software vulnerabilities. When a private company becomes aware of a vulnerability in their software product, they often try to offer a “patch” or upgrade that nullifies the issue. Yet users do not always download these patches quickly, leaving themselves exposed for months or weeks.

Mark Warner, the Democratic vice-chairman of the US Senate select committee on intelligence commented that: “The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyber-attacks... We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers. As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”

FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the US that administer elections.The firm was credited with attributing to Russian military hacker’s mid-winter attacks in 2015 and 2016 on Ukraine’s energy grid.

FireEye:        Reuters:          Guardian:           UPI:               Techcrunch:

You Might Also Read:

Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake':

 

« Successful Hack On EU Vaccine Agency
Facebook Could Be Broken Up »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CERT-IS

CERT-IS

CERT-IS is the national Computer Emergency Response Team for Iceland.

Cyber Security National Lab (CINI)

Cyber Security National Lab (CINI)

The Cyber Security National Lab brings together Italian academic excellence in Cyber Security research.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Apomatix

Apomatix

Apomatix is a platform that simplifies the complexity of cyber risk audit and management.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Mayhem

Mayhem

Mayhem, by ForAllSecure, is a developer-first application and API security testing solution.

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

European Center for CyberSecurity in Aviation (ECCSA)

European Center for CyberSecurity in Aviation (ECCSA)

ECCSA is a cooperative partnership within the aviation community to better understand emerging cybersecurity risks in aviation and provide collective support in dealing with cybersecurity incidents.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

Telindus

Telindus

Telindus is the strategic IT partner for the flexible organization of the future. We build optimal IT infrastructure with four components: networking, cloud, cybersecurity and data & AI.

Munio

Munio

Munio is a leading Fortified IT Support and Cyber Security companies in the south east of the UK.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.