Saturday, July 24, 2021

Suspected Attackers Steal FireEye Red Team Tools


Security giant FireEye has been on the receiving end of a sophisticated, targeted attack by state actors searching for information on its government customers, the company has disclosed.

CEO Kevin Mandia explained in a blog post yesterday that the attackers gained access to some internal systems, but that there are no signs so far that they were able to exfiltrate customer information or the metadata gathered by the company’s threat intelligence systems.

But they did manage to steal several of FireEye’s red team tools, which it uses to test clients’ security.

“We aren’t positive whether the attacker plans to utilize our red team resources or to openly disclose them. But from an abundance of caution, we’ve developed over 300 countermeasures to our clients, and the community at large, to utilize to decrease the possible effect of the theft of those applications,” Mandia clarified.

According to another post from the company, these tools range from simple scripts used to automate reconnaissance to entire frameworks that are similar to publicly available offerings such as Cobalt Strike and Metasploit.

Though Mandia released few details of how the attackers obtained a foothold in the network of one of the planet’s highest-profile cybersecurity businesses, he did reveal that it was believed to be a nation with “top-tier offensive capabilities”.

“This attack differs from the thousands of episodes we’ve responded to during the years. The Turks tailored their world-class abilities especially to attack and target FireEye,” he explained.

“They’re trained in operational safety and implemented with focus and discipline. They managed clandestinely, using techniques that counter safety tools and forensic evaluation. They used a novel combination of strategies not seen by our partners before.”

If that is true, it may call to mind the Shadow Brokers leaks of 2016, which resulted in the theft of some powerful NSA hacking tools.

Rick Holland, CISO at Digital Shadows, argued that the stolen red team tools, which can be made to mimic the behaviour of threat actors, will offer the attackers another means of compromising government targets.

“The anonymous thieves may use the stolen instruments to imitate different nations’ tactics, including a new layer to protect their true identities and goals. Stealing these tools also reduces operational costs since the state actors do not need to create new applications exploits and management programs because of their intrusions.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

