
FireEye victim of suspected state-sponsored attack


FireEye, one of the world’s leading cyber security vendors, has announced that it has been the subject of a highly sophisticated and targeted cyber attack, conducted by what appears to be a state-sponsored threat actor. The investigation to date has revealed that the attacker targeted and accessed certain Red Team assessment tools that FireEye uses to test its customers’ security. It is unclear whether the attacker intends to use these tools, or to release them publicly.

In response, FireEye has proactively issued methods and means to detect the use of these tools, and has developed more than 300 countermeasures to minimise the potential impact of their release. FireEye’s threat intelligence feed has been updated to include these countermeasures, and they have been automatically distributed to users of FireEye technology.

FireEye is conducting an investigation into the attack in collaboration with the FBI and Microsoft, and to date has found no evidence to suggest that the attacker accessed customer data or attempted to compromise customer environments. All indications so far suggest that FireEye itself was the only target.

“What this attack shows is that if a malicious attacker is determined enough, and has the right set of skills and patience, the chances are that they will find a way to breach their target,” commented Paul Cragg, CTO of NormCyber. “In this instance, FireEye was the victim, but there are hundreds if not thousands of companies that are breached every day which don’t make the headlines. In the security community we see constant evidence of how hackers are developing new techniques in order to disrupt legitimate businesses and steal confidential data and tools for financial gain. By sharing the intelligence it has on this attack, and the countermeasures which can be used against it, FireEye is helping to ensure that as a community we are in the best possible position to defend our customers.”

Norm.’s managed Endpoint Detection and Response service, part of its core Cyber Security as a Service (CSaaS) product, is built upon FireEye’s industry-leading Endpoint Detection and Response software platform. All customers of this service are already benefitting from the methods and countermeasures provided by FireEye as part of its automatic threat intelligence feed updates.

For more information on the attack, read the blog written by Kevin Mandia, CEO of FireEye, here.

The FireEye Red Team Tool Countermeasures can be found here.
