
Cybersecurity firm FireEye announced Tuesday that a sophisticated group of hackers, likely state-sponsored, broke into its network and stole tools the company's experts developed to simulate real attackers and test the security of its customers. While this is a worrying development, it is unlikely to significantly increase the risk to organizations in the way some past offensive tool leaks did.

FireEye is one of the world's top cybersecurity firms with major government and enterprise customers around the world. The company is known for its top-notch research on state-sponsored threat actors and its incident response capabilities. Over the years it was called to investigate some of the most high-profile breaches in governments and organizations.

Who breached FireEye?

"Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack," FireEye CEO Kevin Mandia said in a public announcement. "This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."

What did the FireEye attackers want?

The attackers, who the Washington Post reported are the hacking arm of Russia’s SVR foreign intelligence service, known in the security industry as APT29 or Cozy Bear, sought information related to FireEye's government customers. The company said that at this time it hasn't seen any evidence that customer information related to incident response and consulting engagements was stolen, but the attackers did get some of the company's internal red team tools.

Red team is the industry term for penetration testers contracted to simulate real attacks so that defenders—the blue team—can assess the strength of the organization's security measures, their ability to respond and the impact of potential breaches. According to FireEye, the tools that were stolen range from simple scripts for network reconnaissance to more advanced attack frameworks that are similar to other publicly available penetration testing toolkits like Metasploit or CobaltStrike, but which were developed specifically for its red team. Some of the tools are already public as part of the company's open-source virtual machine CommandoVM or are modifications of existing open-source scripts and packages.
