FireEye, one of the world’s largest security vendors, says it has been hit by a cyberattack. The attackers successfully infiltrated the company’s internal network and stole proprietary tools that FireEye uses to test its customers’ networks.
FireEye CEO Kevin Mandia says the attackers searched for information about a number of the company’s government customers but did not obtain it. He described the unidentified attackers as “highly sophisticated attackers whose discipline, operational security and methods of work suggest that this was a government-sponsored attack.”
“This attack is different from the tens of thousands of incidents we have responded to over the years. The attackers acted in secret, using techniques that counteract defensive and forensic tools. They used new combinations of methods that neither we nor our partners have witnessed in the past,” writes Mandia. “Based on my 25 years of experience in cybersecurity and incident response, I have come to the conclusion that we have witnessed an attack from a state with outstanding offensive capabilities.”
FireEye also reports that this assessment has been confirmed by Microsoft experts who were brought in to investigate the attack. The FBI has been notified of the incident, and its specialists are currently also assisting the company.
Because the attackers stole its red-team tooling, FireEye has published indicators of compromise and countermeasures on GitHub so that other organizations can check whether any of the stolen tools have been used against their networks. FireEye stresses that none of the stolen tools contained 0-day exploits. The toolkit ranged from simple scripts used to automate reconnaissance to large frameworks such as Cobalt Strike and Metasploit, and many of the tools were already publicly available; a match on one of these indicators therefore shows that red-team tooling of this kind is present, not by itself that it came from this theft.
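The kind of check those indicators are meant to support, as an added example that is not part of the original article and is not FireEye’s own code: a hash-based sweep of a directory tree against a set of SHA-256 indicators. The indicator values, file names and directory layout here are constructed for the demonstration and are not FireEye’s published IOCs; a real sweep would load the hash list from the published countermeasures instead of the two made-up entries below.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed stand-ins for tool binaries. These byte strings and the hashes
# derived from them are made up for this example; they are NOT real indicators.
_SAMPLE_TOOL_A = b"constructed-sample-tool-A: not a real red team tool\n"
_SAMPLE_TOOL_B = b"constructed-sample-tool-B: not a real red team tool\n"


def sha256_of(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


# Indicator set: digest -> human-readable indicator name (constructed).
IOC_HASHES = {
    sha256_of(_SAMPLE_TOOL_A): "sample-tool-A",
    sha256_of(_SAMPLE_TOOL_B): "sample-tool-B",
}


def file_sha256(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: str, ioc_hashes: dict) -> list:
    """Walk root, hash every regular file and return sorted (path, indicator) hits.

    Symlinks are skipped so a malicious link cannot drag the sweep outside root,
    and unreadable files are skipped rather than aborting the whole run.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            try:
                digest = file_sha256(p)
            except OSError:
                continue
            if digest in ioc_hashes:
                hits.append((p, ioc_hashes[digest]))
    return sorted(hits)


def build_demo_tree() -> str:
    """Constructed directory: two files matching indicators (one renamed) and one benign file."""
    root = tempfile.mkdtemp(prefix="ioc-sweep-")
    Path(root, "tools").mkdir()
    Path(root, "tools", "a.exe").write_bytes(_SAMPLE_TOOL_A)
    # A renamed copy still matches: the indicator is on content, not the file name.
    Path(root, "tools", "renamed.dat").write_bytes(_SAMPLE_TOOL_B)
    Path(root, "notes.txt").write_bytes(b"benign file\n")
    return root


def demo() -> list:
    """Run the sweep over the constructed tree; return (relative path, indicator) hits."""
    root = build_demo_tree()
    return [(os.path.relpath(p, root), n) for p, n in sweep(root, IOC_HASHES)]


if __name__ == "__main__":
    for rel, name in demo():
        print(f"HIT {rel}: matches indicator {name}")
```

Hash matching is the narrowest form of the check: a tool that has been recompiled, repacked or patched by a single byte no longer matches, which is why content-based detection rules are the more durable part of countermeasures of this kind. As the article notes, a hit on a widely available framework shows that red-team tooling is present, not who brought it in.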
“We found that attackers targeted and gained access to certain tools of our Red Team that we use to verify the security of our customers. These tools mimic the behavior of many cyber threats and enable FireEye to provide customers with the security diagnostic services they need. We are not sure if the attackers intend to use our tools or are going to publicly disclose them,” the company said in a statement.