While cyber-attacks on different firms are common, it is rare we see the threat actors target the defenders too. This proved as such only recently when the cybersecurity firm FireEye disclosed a security breach on its network.
FireEye Disclosed Security Breach
In a recent press release, Kevin Mandia, CEO of cybersecurity firm FireEye has shared details of a security breach.
As revealed, the firm suffered a peculiar cyberattack that they never witnessed, which made them believe it to be a state-sponsored attack.
We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.
Specifically, they observed the attack strategy to have employed stealthy techniques that evaded detection measures. This organized attack methodology hints at the expertise of the threat actors that they leveraged to particularly attack FireEye.
Investigating the matter revealed that the attackers accessed the Red Team tools that the firm used to assess customers’ security.
Besides, the attackers also strived to access sensitive information about government customers. However, FireEye observed no evidence of data exfiltration.
While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems.
Although, FireEye confirmed that none of the tools had any zero-day exploits or vulnerabilities. Nonetheless, the attackers managed to steal the tools, though FireEye hasn’t detected any use of the stolen tools yet.
Hence, as a precaution, the firm has released the details about the tools in a separate post here. Whereas the tools are also available on GitHub in the firm’s open-source CommandoVM.
Also, they have released countermeasures to protect the customers. FireEye has also included these countermeasures with their products in addition to sharing them with their partners as well as the Department of Homeland Security.
Moreover, they are also collaborating with the FBI and partners including Microsoft regarding the investigations.
No further details are available for now regarding the attack timelines, extent, nature, and the threat actors.