Original Release Date: 12/10/2020
Cybersecurity firm FireEye disclosed this week that they were the victim of a sophisticated cyberattack, which they are investigating with the Federal Bureau of Investigation and partners, including Microsoft. The threat actor targeted and accessed red team tools used by FireEye to test their customers’ security. As a result, FireEye proactively released methods and means to detect the use of their stolen tools, including 300 countermeasures. The company believes the hack is the result of a nation-state cyber-espionage effort, as the threat actor targeted information related to certain government customers. At this time, it does not appear that the threat actor exfiltrated data from the FireEye systems that store customer information from incident response or consulting engagements, or metadata collected by FireEye’s dynamic threat intelligence systems. More information on the cyberattack, breach of red team tools, and countermeasures can be found in the FireEye blog posts (1, 2) and GitHub repository.