Attackers breach cybersecurity firm FireEye, steal hacking tools

Posted:
in General Discussion edited December 2020
Cybersecurity firm FireEye says that it was hacked by a nation-state attacker who made off with many of its hacking tools and data related to government clients.

Credit: Malcolm Owen, AppleInsider
Credit: Malcolm Owen, AppleInsider


California-based FireEye disclosed the breach on Thursday, stating that it was carried out by a "highly sophisticated state-sponsored adversary."

The attackers reportedly stole Red Team tools that FireEye uses to detect and exploit weaknesses in computer systems in order to better defend them. Additionally, the attack targeted data primarily related to "certain government customers," The Washington Post reported.

Those government targets did not necessarily include ones in the U.S., sources said. Additionally, FireEye CEO Kevin Mandia said that the attackers didn't appear to remove data from the systems storing customer information.

Although FireEye didn't specifically attribute the attack to anyone, sources told The Washington Post that the attackers were tied likely to Russian intelligence.

The attack appeared to be tailor-made to target FireEye itself using methods that "counter security tools and forensic examination." Mandia added that they "used a novel combination of techniques not witnessed by us or our partners in the past."

According to WaPo, the attack compromised a significant number of -- but not all -- of the team's Red Team tools. Those tools are the kind used in penetration tests to identify and shore up weaknesses in a client's cyber defenses.

FireEye maintains that none of the tools relied on zero-day exploits, and were instead modeled on known attacks and exploits. Some of the tools were existing scripts modified to evade detection, while others were built in-house by FireEye's Red Team staff. The company says it doesn't know whether the attacks stole the tools to use them, or publicly disclose them. To date, Mandia said that FireEye has seen no evidence that the stolen tools have been used in the wild.

Although not strictly focused on Apple products, FireEye has identified exploits in the company's products in the past. It also makes security tools and software for macOS and other Apple platforms.

To mitigate the threat of those tools, however, FireEye is providing more than 300 countermeasures to its customers to help shield them from attacks.

The FBI is investigating the attack, and Microsoft is assisting FireEye in its own investigation.

Comments

  • Reply 1 of 10
    Inside job.
    SpamSandwich
  • Reply 2 of 10
    lkrupplkrupp Posts: 10,013member
    If the Russians and Chinese are doing this just think of what the CIA/NSA/Israel are doing.
  • Reply 3 of 10
    Released the info on Thursday? How come this was on UK BBC news a couple of days ago...?

  • Reply 4 of 10
    alanh said:
    Released the info on Thursday? How come this was on UK BBC news a couple of days ago...?

    Just a typo by Mike Petersen. The press release he links to is dated Tuesday.

    Doesn't look good for FireEye, though. You'd think a cybersecurity firm would be able to secure their own systems. If I were a current client, I'd be looking elsewhere.
    DogpersonPetrolDavewatto_cobra
  • Reply 5 of 10
    jimh2jimh2 Posts: 434member
    I’d say this is not good for business. Who would hire a company that has been hacked to protect them?
    watto_cobra
  • Reply 6 of 10
    That got to sting. “Cyber security firm got hacked” really puts the moron in oxymoron! Although I don’t have reason to doubt the alleged involvement of a nation state, what else could they say to try and mitigate this PR disaster?!
    muthuk_vanalingamwatto_cobra
  • Reply 7 of 10
    Anything people can create can be breached or destroyed.
  • Reply 8 of 10
    If we'd just add a backdoor to everything, we wouldn't need to worry about hacking tools. /s
  • Reply 9 of 10
    Wouldn't you think that level of tools stolen would be on an internal server disconnected from the internet at a company like this?  You would think this kind of stuff would have to have physical contact to breach rather than being able to remotely access it.  I just envision anything sensitive, to be secure, would have to be cut off from the outside world completely.
    DogpersonPetrolDave
  • Reply 10 of 10
    From the man article:
    California-based FireEye disclosed the breach on Thursday... The attackers reportedly stole Red Team tools that FireEye uses to detect and exploit weaknesses in computer systems in order to better defend them.

    FireEye clearly do not eat their own dogfood... or maybe their hacking anti-hacking tools are not as good as they claim.

    I would be very worried if the company that I hire to protect me from hackers told me that they had just been hacked themselves.

Sign In or Register to comment.