
FireEye Got Hacked in a Highly Tailored APT Attack, Red Team Tools Stolen

There is hardly a company that cannot be hacked, cybersecurity ones included.

Indeed, even one of the most prominent cybersecurity firms in the world has proved susceptible. A state-sponsored actor recently targeted FireEye in a highly sophisticated attack and stole its Red Team penetration testing (pentest) tools, the toolkit FireEye uses to test the defenses of its customers.

Russian State-Sponsored APT Behind the FireEye Hack?

FireEye is currently investigating the incident with the help of the FBI and other partners such as Microsoft. According to The New York Times and The Washington Post, the FBI has assigned the investigation to its Russia specialists. The attack may have been carried out by the well-known APT29 threat group, previously linked to Russia’s SVR Foreign Intelligence Service.

“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,” wrote FireEye’s CEO Kevin Mandia in a blog post detailing the incident.

According to Mandia, the discipline and focus seen in the attack point to highly trained threat actors with strong operational security. The attackers operated covertly, using methods designed to evade security tools and frustrate forensic examination. FireEye says it has not witnessed this combination of techniques before.

What is known so far is that the attackers accessed specific Red Team assessment tools used to test the security of customers. These tools provide diagnostic security services and do not contain zero-day exploits, Mandia said. The company is currently working to determine whether the stolen tools have been used for malicious purposes.

“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools,” FireEye concluded.

Milena Dimitrova
