Data Breaches

Security firm FireEye discloses security breach


FireEye, one of the world’s largest security firms said that a highly sophisticated threat actor has accessed its internal network and stole their hacking tools which were used to test the networks of its customers.

FireEye CEO, Kevin Mandia said the threat actor also searched for information related to some of the firm’s government customers.

He described the attacker as a highly sophisticated threat actor whose discipline, operational security, and techniques make them believe that it was a state-sponsored attack.

The executive states that the attack is different from the thousands of incidents which the company have responded to throughout the years.

The attackers used their world-class capabilities specifically to target and attack FireEye. They operated using methods that counter security tools and forensic examination. They also used a novel combination of techniques which the security company has not witnessed ever before.

FireEye notified the Federal Bureau of Investigation and has also partnered with Microsoft and the investigation process is going on.

According to some sources, there are reports that the state-backed Russian cyberespionage group APT29 (aka Cozy Bear) is behind the FireEye security breach.

As the threat actors managed to steal the custom penetration testing tools of FireEye, the company is sharing indicators of compromise (IOC) and countermeasures on its GitHub account now. The data from the GitHub will help other companies detect if hackers used any of FireEye’s stolen tools to breach their networks.

As of now, the hacking tools have not been exploited in the wild, nor do they contain zero-day exploits.

Even though the attacker was able to access some of the internal systems, there is no evidence of data exfiltration from the primary systems that store customer information.

This attack indicates that no companies, even cybersecurity firms, are immune to targeted attacks. Major cybersecurity companies like Kaspersky Lab, RSA Security, Avast, and Bit9 have become victims to serious hacks over the past decade.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Critical remote code execution fixed in PlayStation Now

    Previous article

    Critical TCP/IP flaws pose hacking risk to millions of IoT devices

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *