09 December 20, 13:03
Quote: Cybersecurity firm FireEye has been hit in what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers’ security.
Mandia on Tuesday said that based on the techniques and sophistication of the attack, he believes state-sponsored actors were behind the hack. The attacker was primarily hunting out data related to certain government customers, according to FireEye. The hack “used a novel combination of techniques not witnessed by us or our partners in the past,” he said.
The attack is “different from the tens of thousands of incidents we have responded to throughout the years,” due to its sophistication, said Mandia in a Tuesday post. “The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination.”
The targeted tools provide diagnostic security services to FireEye’s customers, by mimicking the behavior of threat actors, said Mandia. The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit.
None of these tools contain zero-day exploits, he stressed. FireEye has also seen no evidence to date that an attacker has utilized the stolen Red Team tools.
However, such use of the tools could allow attackers to take over systems, a Tuesday Cybersecurity & Infrastructure Security Agency (CISA) advisory warned: “Although [CISA] has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems,” according to the advisory.
Read more: https://threatpost.com/fireeye-cyberatta...ls/162056/