"FireEye revealed on Tuesday that its own systems were pierced by what it called 'a nation with top-tier offensive capabilities.' The company said hackers used 'novel techniques' to make off with its own tool kit, which could be useful in mounting new attacks around the world..." https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
"U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools (Reuters) - FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that it has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking tools typically reserved to privately test the cyber defenses of their own clients..." https://finance.yahoo.com/news/u-cybersecurity-firm-fireeye-discloses-210424354.html
"Top cybersecurity firm FireEye says it was hit by state-sponsored cyberattack... In an investor disclosure, FireEye said the attack was highly customized to target FireEye's systems and is unlike any the company has responded to in the past. 'Based on his 25 years in cyber security and responding to incidents, Kevin Mandia, our Chief Executive Officer, concluded we are witnessing an attack by a nation with top-tier offensive capabilities,' the SEC filing said. The attacker accessed 'certain Red Team assessment tools that we use to test our customers' security,' the disclosure continued, implying that many of FireEye's clients, including its government customers, could be indirectly affected by the breach. 'We are proactively releasing methods and means to detect the use of our stolen Red Team tools... we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools'..." https://www.cnn.com/2020/12/08/tech/fireeye-cyberattack/index.html
"...none of the red team tools exploited so-called 'zero day vulnerabilities,' meaning the relevant flaws should already be public..." https://www.reuters.com/article/fir...theft-of-internal-hacking-tools-idUSL1N2IO2EI
FireEye Blog/Press Release: https://www.fireeye.com/blog/produc...yber-attack-actions-to-protect-community.html
"...the FBI has turned over the investigation to its Russian specialists, suggesting that the Kremlin is behind the hack..." https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
CISA Advisory: "Theft of FireEye Red Team Tools... CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures: FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community; Unauthorized Access of FireEye Red Team Tools; FireEye’s GitHub repository: Red Team Tool Countermeasures" https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/theft-fireeye-red-team-tools
"Hack of top American cybersecurity firm linked to Russia’s foreign intelligence service [The SVR]... The same Russian spies who penetrated the White House and State Department several years ago and have attempted to steal coronavirus vaccine research have carried off another brazen hack, this time breaking into the servers of one of the world’s premier cybersecurity firms... The SVR...hacks for traditional espionage purposes, stealing secrets that can be useful for the Kremlin to understand the plans and motives of politicians and policymakers. Its operators have filched industrial secrets, hacked foreign ministries and gone after coronavirus vaccine data..." https://www.washingtonpost.com/nati...369aaa-3988-11eb-98c4-25dc9f4987e8_story.html
https://www.politico.com/news/2020/12/16/russian-hackers-fireeye-cyberattack-447226
You know what I don't get? You would think that an EDR system would notice such an attack; that's exactly what they are designed for. They monitor and block suspicious stuff that AVs fail to spot. Even when SolarWinds is a trusted tool, you would hope it's still being monitored for suspicious file and network access, for example. I don't know the details of the SolarWinds backdoor, but don't forget it also happened to CCleaner.
https://www.gartner.com/reviews/market/endpoint-detection-and-response-solutions
https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/
Here is an interesting article about how security companies might be an attractive investment option. But then they should really do a better job; they should focus more on supply chain attacks, if you ask me. https://www.barrons.com/articles/wa...ing-solarwinds-hack-51608586159?siteid=yhoof2