FireEye Discloses Theft of Red Team Tools
FireEye has acknowledged that it was attacked by "a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack." The attacker appears to have accessed FireEye Red Team tools, which the company uses to assess the security of customers' systems. FireEye is investigating the incident in cooperation with the FBI, Microsoft, and other key partners.
FireEye's CEO blog post and press release focus on the sophistication of the threat actors and point to great information for detecting the use of the stolen tools, but offer no lessons learned on what vulnerabilities were exploited or what mistakes FireEye made that enabled the attacks to succeed. Putting that out for public consumption obviously carries risk; I hope FireEye is providing those lessons learned via trusted channels.
Security organizations are under constant attack. Once in a while the attacker wins. This happened twice to us at SANS, 23 years ago and in 2020. As John Pescatore notes (in addition to finding ways to block the specific intrusion vector and to correct systemic flaw(s) it uncovered), security organizations have a unique and important obligation to share the lessons learned, broadly and quickly.
Read more in:
SC Magazine: FireEye hacked, red team tools stolen
Bleeping Computer: FireEye reveals that it was hacked by a nation state APT group