Cybersecurity Firm FireEye Breached in Sophisticated Attack

Posted December 15, 2020

The cybersecurity company FireEye recently announced in a blog post and SEC filings that they had been hacked. FireEye is one of the world’s largest cybersecurity firms with over 9,600 customers across 103 countries, including more than 50% of the Forbes Global 2000. As reported by the company, the hack was highly sophisticated and likely state-sponsored. Initial reports suspect the Russian SVR intelligence service APT 29 (Advanced Persistent Threat Group 29) but the investigation continues. The FBI and Microsoft Corp have been called in to help in the investigation.

“The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state,” said Matt Gorham, assistant FBI director for the Cyber Division.

The attackers gained access to FireEye’s Red Team toolkit which is a set of scripts, tools, scanners, and techniques used by FireEye to test client security postures. Some of the toolkit components were already released in the public domain and widely available but some were still proprietary in-house tools used by the Red Team.

The Red Team tools stolen did not contain any zero-day exploits. According to WatchGuard Technologies’ Internet Security Report for Q2 2020, 70% of all attacks involve zero-day malware. Zero-day threats are security vulnerabilities that have not been seen previously and therefore no signature exists to identify the threat.

The Red Team tools stolen by the attacker did not contain zero-day exploits. The tools apply well-known and documented methods that are used by other red teams around the world. Although we do not believe that this theft will greatly advance the attacker’s overall capabilities, FireEye is doing everything it can to prevent such a scenario.

It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners.

In response to the attack, FireEye has released countermeasure tools to the community to help identify attacks using the Red Team toolkit and defend against attacks.

Attacks on cybersecurity firms are not new. In the past, security companies such as Symantec, RSA, Bit9, and Kaspersky Lab have been also been breached. Attackers target cybersecurity companies to collect information in reconnaissance as they prepare for larger attacks and attacks on specific targets. FireEye’s services protect more than 1,000 government and law enforcement agencies worldwide and that client base is likely the reason for the exploit. FireEye also tracks APT Groups that receive support from nation-states. Like other attackers, APT groups try to steal data, disrupt operations and destroy infrastructure. Unlike most cybercriminals, APT attackers pursue their objectives over months or years. They adapt to cyber defenses and frequently retarget the same victim. This focus on APT groups by FireEye could also have led to their targeting.

When breaches like this happen and when software companies discover a new exploit, security patches to protect systems are often quickly deployed. If there are any takeaways from high-profile events like the FireEye breach it’s that anyone can become a victim and patches should be applied immediately as they are available in order to limit residual effects. Contact us if you have any doubt whether or not your systems are up-to-date.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.