Security giant FireEye has been on the receiving end of a complex, publication attack from state actors searching for information on government customers, the company has shown.
CEO Kevin Mandia clarified in a blog article yesterday that the attackers could get some internal systems but there are no signs so far they were able to exfiltrate customer information or metadata gathered by the company’s hazard intelligence systems.
But they did manage to steal several of FireEye’s red group gears, which it utilizes to test clients’ security.
“We aren’t positive whether the attacker plans to utilize our red team resources or to openly disclose them. But from an abundance of caution, we’ve developed over 300 countermeasures to our clients, and the community at large, to utilize to decrease the possible effect of the theft of those applications,” Mandia clarified.
By another site in the company, these programs include simple scripts used for automating reconnaissance to whole frameworks which are very similar to publicly accessible offerings such as CobaltStrike and Metasploit.
Though Mandia released few details of how attackers obtained a foothold in the networks of a few of the planet’s very high-profile cybersecurity businesses, he did reveal that it was supposed to become a country with”top-tier offensive capacities.
“This attack differs in the thousands of episodes we’ve responded to during the years. The Turks tailored their world-class abilities especially to attack and target FireEye,” he explained.
“They’re trained in operational safety and implemented with focus and discipline. They managed clandestinely, using techniques that counter safety tools and forensic evaluation. They used a novel combination of strategies not seen by our partners before.”
If that is true, it might call into mind the Shadow Agents attacks of 2016 that resulted in the catch of some strong NSA hacking applications.
Rick Holland, CISO in Digital Shadows, contended the stolen red group tools, that can be made to mimic the behaviour of dangerous actors, will offer the attackers with a different procedure to undermine government aims.
“The anonymous thieves may use the stolen instruments to imitate different nations’ tactics, including a new layer to protect their true identities and goals. Stealing these tools also reduces operational costs since the state actors do not need to create new applications exploits and management programs because of their intrusions.”