FireEye a firm that helps protect businesses and cities from cyberattacks just got hit by one

Gandalf_The_Grey

Level 59
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,866
The cybersecurity firm FireEye (FEYE) said Tuesday that it had come under cyberattack by "highly sophisticated" actors likely sponsored by a nation-state, in a rare and extremely serious instance of a mainstream security vendor being compromised. The hack could even give the perpetrators the means to launch attacks against other targets.

In an investor disclosure, FireEye said the attack was highly customized to target FireEye's systems and is unlike any the company has responded to in the past.

"Based on his 25 years in cyber security and responding to incidents, Kevin Mandia, our Chief Executive Officer, concluded we are witnessing an attack by a nation with top-tier offensive capabilities," the SEC filing said.

The attacker accessed "certain Red Team assessment tools that we use to test our customers' security," the disclosure continued, implying that many of FireEye's clients, including its government customers, could be indirectly affected by the breach. "We are proactively releasing methods and means to detect the use of our stolen Red Team tools. We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools."

In a blog post, Mandia said FireEye is working with the FBI and other forensic partners, including Microsoft (MSFT).

"Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques," Mandia wrote.

Mandia added that the attackers tried to access information "related to certain government customers," but that the company has no evidence yet that customer information has been stolen.

None of the stolen cybersecurity tools contained so-called zero-day exploits, Mandia said. Zero-day vulnerabilities are software vulnerabilities that have never been publicly identified or patched, and can be extremely dangerous if weaponized by malicious actors.

Mike Chapple, a cybersecurity expert at the University of Notre Dame and a former National Security Agency official, called the FireEye breach "an extraordinarily significant attack."

"As one of the world's go-to cybersecurity firms, FireEye has a ringside seat for some of the most sophisticated breaches carried out worldwide," Chapple said. "The impact of this breach remains to be seen and depends upon the motivation of the attackers. We might see them go public in an attempt to monetize their work by selling exploits. On the other hand, they might remain in the shadows, stealthily using their new tools to compromise high-value systems."

Shares of FireEye fell more than 7% in after-hours trading Tuesday following the disclosure.
 

HarborFront

Level 61
Verified
Top poster
Content Creator
Oct 9, 2016
5,065
Quote

FireEye, one of the premiere global threat intelligence and cybersecurity companies, had its offensive security tools stolen by hackers, the company announced........

It’s not clear exactly when the attack happened or the specific capabilities of the stolen tools.......

Unquote


No wonder the company got hacked
 

Gandalf_The_Grey

Level 59
Thread author
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
4,866
Theft of FireEye Red Team Tools:
FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.

CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,792