Cybersecurity company FireEye is hacked by a 'country with top-notch attack capabilities'

It has been revealed that FireEye, one of America's largest cybersecurity companies, was hacked by what is believed to be 'a national government organization with top-notch attack capabilities,' and that the tool FireEye uses to test its customers' cybersecurity by hacking them was stolen.

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community | FireEye Inc

US Cyber Firm FireEye Says It Was Breached by Nation-State Hackers - WSJ

One of The Biggest Cybersecurity Companies In The World Just Got Hacked

The attackers stole a 'red team evaluation tool' that FireEye uses to diagnose a customer's security systems by mimicking the behavior of various cyberattacks. FireEye says it is unclear why the attackers stole the red team evaluation tool, and whether they intend to use it or publish it.

To minimize the potential impact of the theft of the red team evaluation tool, FireEye has published countermeasures on GitHub that can detect or block the use of the tool. The FBI and Microsoft have also announced that they are cooperating in the investigation of the cyber attack.

GitHub - fireeye/red_team_tool_countermeasures

Kevin Mandia, CEO of FireEye, said, 'This case is different from the tens of thousands of cases we have dealt with over the years. The attackers targeted FireEye in a new way that we and our partners have never seen, combining technologies to attack.'

FireEye also found evidence that the attackers were looking for information about 'specific government customers.' The attackers succeeded in accessing some of FireEye's internal systems, but there is no evidence that data was stolen from the primary systems that store customer information and metadata from incident response and consulting contracts.

'Based on my 25 years of cybersecurity experience, I have concluded that this attack is from a country with top-notch attack capabilities,' said Mandia.

The IT news outlet Motherboard points out that the damage done to FireEye has some similarities to past cases in which the NSA's hacking tools were stolen. Shadow Brokers, a cracking group that stole NSA hacking tools, released the source code of Windows hacking tools all at once in 2017. It has been revealed that the ransomware 'WannaCry', which has been reported to have caused damage worldwide since 2017, uses the code published by the Shadow Brokers.

The existence of numerous hacking tools developed by the NSA to track hackers in other countries is revealed - GIGAZINE

The NSA hacking tools were designed to exploit zero-day vulnerabilities, but according to FireEye, the red team evaluation tool does not exploit zero-day vulnerabilities.

in Security, Posted by log1i_yk