FireEye Discloses Theft of Red Team Tools
FireEye has acknowledged that it was attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. The attacker appears to have accessed FireEye Red team tools, which the company uses to assess the security of customers' systems. FireEye is investigating the incident in cooperation with the FBI, Microsoft, and other key partners.
FireEye's CEO blog post and press release focus on the sophistication of the threat actors and point to great information for detecting the use of the stolen tools, but offer no lessons learned on what vulnerabilities were exploited or what mistakes FireEye made that enabled the attacks to succeed. Putting that out for public consumption obviously carries risk; I hope FireEye is providing those lessons learned via trusted channels.
Security organizations are under constant attack. Once in a while the attacker wins. This happened twice to us at SANS, 23 years ago and in 2020. As John Pescatore notes, (in addition to finding ways to block the specific intrusion vector and to correct systemic flaw(s) it uncovered) security organizations have a unique and important obligation to share the lessons learned, broadly and quickly.
Read more in
FireEye: FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
Vice: One of The Biggest Cybersecurity Companies In The World Just Got Hacked
Dark Reading: Nation-State Hackers Breached FireEye, Stole Its Red Team Tools
ZDNet: FireEye, one of the world's largest security firms, discloses security breach
The Register: Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools
Wired: Russia's FireEye Hack Is a Statement - but Not a Catastrophe
SC Magazine: FireEye hacked, red team tools stolen
Ars Technica: Premiere security firm FireEye says it was breached by nation-state hackers
Threatpost: FireEye Cyberattack Compromises Red-Team Security Tools
Bleeping Computer: FireEye reveals that it was hacked by a nation state APT group