Popular cybersecurity firm FireEye announced that it is a victim of a sophisticated state-sponsored cyberattack. In an official release, the company stated that the attacker compromised its Red Team software tools and accessed information from its internal systems. While there is no information on whether any customers’ data has been misused, the company stated that it is likely a government-backed cyber operation performed using new hacking techniques.
“A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures to enable the broader security community to protect themselves against these tools,” FireEye said.
FireEye stated that it has already incorporated some of these countermeasures into its own security products and has shared them with its partners and with government agencies, so that defenders can detect and block any attempt to use the stolen Red Team tools against them.
What’s a Red Team?
A Red Team is a group of security experts who attempt to penetrate an organization’s networks and systems, using the same techniques a real attacker would, in order to test the enterprise’s security posture. The purpose of the exercise is to identify exploitable weaknesses and to measure how well the organization can prevent, detect, and respond to a cyberattack. Its counterpart is the Blue Team, the network defenders responsible for protecting the organization’s security perimeter and responding to the Red Team’s activity.
With the FireEye breach news coming out, it’s important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1/
— Dmitri Alperovitch (@DAlperovitch) December 8, 2020
“The Red Team tools stolen by the attacker did not contain zero-day exploits. The tools apply well-known and documented methods that are used by other red teams around the world. Although we do not believe that this theft will greatly advance the attacker’s overall capabilities, FireEye is doing everything it can to prevent such a scenario. It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners,” FireEye added.