FireEye Hacked – Sophisticated State-Sponsored Hackers Stole FireEye Red Team Tools

FireEye, one of the world's leading cybersecurity firms, has been hacked by state-sponsored hackers who stole its Red Team tools, some of which are openly available.

FireEye is one of the leading cybersecurity companies, and its CEO, Kevin Mandia, recently disclosed that the company had suffered a severe attack by a threat actor displaying all the hallmarks of a state-sponsored hacking group.

This attack is entirely different from the tens of thousands of previous incidents the company has responded to over the years. Kevin Mandia did not confirm in his report who carried out the attack, but the FBI is investigating the incident.

Apart from this, one of the company's most important priorities is to strengthen the security of its customers and the wider community. According to the cybersecurity firm, the attacker was initially seeking out data related to specific government customers.

However, it does not appear that any customer data was stolen in the attack. The threat actors primarily investigated information related to the company's government customers.

Not only that, but the attackers also targeted and obtained the firm's "Red Team" tools. These tools mimic the behaviour of many real cyber attackers and allow FireEye to deliver its security assessment services to customers.

Apart from this, once the breach was reported, FireEye's shares fell 8%.

Hackers showed all the signs of a state-backed threat actor

After learning of the data breach, FireEye examined the attack procedure and the techniques used, which led its experts to believe that it was a state-sponsored attack. The CEO of the firm affirmed that this was a highly sophisticated breach.

The attackers specifically targeted FireEye's assets and used techniques designed to counter both forensic examination and the security tools that would expose their malicious activity.

Kevin Mandia asserted that, based on his 25 years in cybersecurity, he had concluded they were seeing an attack by a nation with top-tier offensive capabilities. In one of his statements, Mandia said the attack was different from the tens of thousands of incidents the company has responded to over the years.

The experts also stated that the attackers used a novel combination of techniques, one that neither the firm nor its partners had witnessed before.

Hackers stole FireEye Red Team tools

After investigating the incident, it became clear that the attackers had targeted and accessed some Red Team assessment tools used to test customers' security. However, none of the tools contained zero-day exploits.

The stolen tools range from simple scripts used to automate reconnaissance to entire frameworks similar to openly available technologies such as Cobalt Strike and Metasploit.

Govt. customers’ data also targeted

The threat actors also tried to gather data on government customers and gained access to some FireEye internal systems. However, the investigation found no evidence that the attacker exfiltrated data from the primary systems.

These systems store customer information from incident response and consulting engagements, as well as the metadata collected by the company's products in its dynamic threat intelligence systems.

Measures taken by FireEye

The measures taken by FireEye are listed below:

  • They have prepared countermeasures that can detect or block the use of the stolen Red Team tools.
  • They have also implemented these countermeasures in their own security products.
  • They are sharing these countermeasures with colleagues across the security community so that they can update their security tools.
  • They are making these countermeasures publicly available in their blog post, "Unauthorized Access of FireEye Red Team Tools."
  • They will continue to share and refine any further mitigations for the Red Team tools as they become available, both publicly and directly with their security partners.


Balaji N

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
