Government hackers attacked FireEye, the largest provider of information security solutions
FireEye, one of the world’s largest security vendors, reports that it has been attacked by hackers from a government-supported group.
The attackers are known to have gained access to the company’s internal network and to have stolen proprietary tools that FireEye uses to test its clients’ networks.
FireEye CEO Kevin Mandia says the attackers searched for information regarding a number of the company’s government customers, but did not reach customers’ information. In general, he described the unknown attackers as “highly sophisticated attackers whose discipline, operational security and methods of work suggest that this was a government-sponsored attack.”
“This attack is different from the tens of thousands of incidents we have responded to over the years. The attackers acted in secret, using techniques that counteract defensive and forensic tools. They used new combinations of methods that neither we nor our partners have witnessed in the past. Based on my 25 years of experience in cybersecurity and incident response, I concluded that we have witnessed an attack from a state with outstanding offensive capabilities,” writes Kevin Mandia.
FireEye also reports that this assessment of the situation has already been confirmed by Microsoft experts who were involved in the investigation of the attack. In addition, the FBI has already been notified about the incident, and its specialists are currently also providing assistance to the company.
Since FireEye believes that attackers have stolen special pentester tools, the company has released indicators of compromise and countermeasures on GitHub that should help other companies determine if hackers have used any of the stolen FireEye tools to compromise their networks.
The company also stresses that none of the stolen tools contained 0-day exploits. The stolen toolkit included a variety of solutions, from simple scripts used to automate reconnaissance to large frameworks like CobaltStrike and Metasploit, and many of them were previously available to third-party specialists.
“We found that attackers targeted and gained access to certain tools of our Red Team that we use to verify the security of our customers. These tools mimic the behavior of many cyber threats and enable FireEye to provide customers with the security diagnostic services they need. We are not sure if the attackers intend to use our tools or are going to publicly disclose them,” the company said in a statement.