FireEye, one of the world’s leading cyber security vendors, has announced that it has been the subject of a highly sophisticated and targeted cyber attack, conducted by what appears to be a state-sponsored threat actor. The investigation to date has revealed that the attacker targeted and accessed certain Red Team assessment tools that FireEye uses to test its customers security. It is unclear whether the attacker intends to use these tools, or to release them publicly.
In response, FireEye has proactively issued methods and means to detect the use of these tools, and has developed more than 300 countermeasures to minimise the potential impact of their release. FireEye’s threat intelligence feed has been updated to include these countermeasures, and they have been automatically distributed to users of FireEye technology.
FireEye is conducting an investigation into the attack in collaboration with the FBI and Microsoft, and to date has found no evidence to suggest that the attacker accessed customer data or attempted to compromise customer environments. All indications so far suggest that that FireEye itself was the only target.
“What this attack shows is that if a malicious attacker is determined enough, and has the right set of skills and patience, the chances are that they will find a way to breach their target,” commented Paul Cragg, CTO of NormCyber. “In this instance, FireEye was the victim, but there are hundreds if not thousands of companies that are breached every day which don’t make the headlines. In the security community we see constant evidence of how hackers are developing new techniques in order to disrupt legitimate businesses and steal confidential data and tools for financial gain. By sharing the intelligence it has on this attack, and the countermeasures which can be used against it, FireEye is helping to ensure that as a community we are in the best possible position to defend our customers.”
Norm.’s managed Endpoint Detection and Response service, part of its core Cyber Security as a Service (CSaaS) product, is built upon FireEye’s industry-leading Endpoint Detection and Response software platform. All customers of this service are already benefitting from the methods and countermeasures provided by FireEye as part of its automatic threat intelligence feed updates.
For more information on the attack, read the blog written by Kevin Mandia, CEO of FireEye, here.
The FireEye Red Team Tool Countermeasures can be found here.