Saturday, October 16, 2021

Suspected Attackers Steal FireEye Red Team Tools

Security giant FireEye has been on the receiving end of a sophisticated, targeted attack by state actors seeking information on its government customers, the company has revealed.

CEO Kevin Mandia explained in a blog post yesterday that the attackers were able to access some internal systems, but there is no sign so far that they exfiltrated customer information or metadata gathered by the company’s threat intelligence systems.

They did, however, manage to steal several of FireEye’s red team tools, which the company uses to test clients’ security.

“We are not sure whether the attacker intends to use our red team tools or to disclose them publicly. But out of an abundance of caution, we have developed over 300 countermeasures for our customers, and the community at large, to use to minimize the potential impact of the theft of these tools,” Mandia explained.

According to another post from the company, these tools range from simple scripts used to automate reconnaissance to entire frameworks similar to publicly available offerings such as Cobalt Strike and Metasploit.

Although Mandia gave few details of how the attackers gained a foothold in the network of one of the world’s highest-profile cybersecurity companies, he did reveal that it was believed to be a nation state with “top-tier offensive capabilities.”

“This attack is different from the thousands of incidents we have responded to over the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,” he explained.

“They are highly trained in operational security and executed with focus and discipline. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not seen by our partners before.”

If true, it may bring to mind the Shadow Brokers attacks of 2016, which resulted in the theft of some powerful NSA hacking tools.

Rick Holland, CISO at Digital Shadows, argued that the stolen red team tools, which can be made to mimic the behaviour of threat actors, will give the attackers another way to compromise government targets.

“The anonymous thieves may use the stolen tools to imitate other nations’ tactics, adding a new layer to protect their true identities and goals. Stealing these tools also reduces operational costs, since the state actors do not need to develop new exploits and management programs for their intrusions.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
