FireEye, one of the world's leading cybersecurity firms, was hacked by state-sponsored hackers who stole its Red Team tools, some of which are openly available.
FireEye is one of the leading cybersecurity companies, and its CEO, Kevin Mandia, recently disclosed that the company suffered a severe attack by a threat actor showing all the hallmarks of a state-sponsored hacking group.
This attack is totally different from the tens of thousands of previous events that the company has responded to throughout the years. Kevin Mandia did not confirm in his report who carried out the attack, but the FBI is investigating the whole incident.
Apart from this, one of the company's most important priorities is to increase the security of its customers and the wider community. According to the cybersecurity firm, the attacker was initially seeking out data related to specific government customers.
However, it does not appear that any customer data was stolen in the attack. The threat actors primarily sought information related to the company's government customers.
The attackers also targeted and obtained the firm's "Red Team" tools. These tools mimic the behavior of many cyber attackers and allow FireEye to deliver the necessary demonstrative security services to its customers.
Once the report of the breach was published, FireEye's shares fell 8%.
After learning of the data breach, FireEye examined the attack procedure and the techniques used, which led its experts to believe that it was a state-sponsored attack. The CEO of the firm affirmed that this attack is a highly sophisticated data breach.
The attackers specifically targeted FireEye's assets and used techniques designed to counter both forensic examination and the security tools that expose malicious activity.
Kevin Mandia asserted that, based on his 25 years in a cybersecurity firm, he has concluded that they are seeing an attack by a nation with top-tier offensive abilities. In one of his statements, Mandia said that the attack was different from the tens of thousands of events and conflicts they have responded to throughout the years.
The experts also stated that the threat actors used a novel combination of techniques that the firm and its partners were witnessing for the first time.
After investigating the incident, it became clear that the attackers had targeted and accessed some Red Team assessment tools that were used to test customers' security. However, none of the tools contains zero-day exploits.
The stolen tools range from simple scripts used for automating reconnaissance to complete frameworks related to openly available technologies like CobaltStrike and Metasploit.
The threat actors also tried to gather data on government customers and gain access to some FireEye internal systems. After investigation, however, there is no evidence that the attacker exfiltrated data from the primary systems.
These systems hold the customer information from incident response or consulting engagements, as well as the metadata accumulated by the products in the dynamic threat intelligence systems.
The measures that were taken by FireEye are mentioned below: