FireEye, a well known cyber security firm has been hacked. The company’s CEO Kevin Mandia has released a statement in a blog post on Tuesday.
There is a lot to be known but as the New York Times reported their tools of trade have been taken. These are so called Red Team tools and are used for contractual penetration testing. “These are essentially digital tools that replicate the most sophisticated hacking tools in the world. FireEye uses the tools — with the permission of a client company or government agency — to look for vulnerabilities in their systems. Most of the tools are based in a digital vault that FireEye closely guards.”
Here is what the company said: “During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.
We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.
We have seen no evidence to date that any attacker has used the stolen Red Team tools. We, as well as others in the security community, will continue to monitor for any such activity. At this time, we want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools. Specifically, here is what we are doing:
- We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.
- We have implemented countermeasures into our security products.
- We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.
- We are making the countermeasures publicly available on our GitHub.
- We will continue to share and refine any additional mitigations for the Red Team tools as they become available, both publicly and directly with our security partners.
Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers. While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems. If we discover that customer information was taken, we will contact them directly.”
The tools can be used against other targets the same way as the NSA tools that were release to the public domain back in 2016.
The finger of brame is pointing to hackers from a group known as APT 29 or Cozy Bear.