Wednesday, 09 December 2020 09:53

Crown jewels gone: FireEye Red Team tools stolen by unknown actor


Cyber security vendor FireEye has a considerable amount of egg on its face after the tools used by its Red Team, an attack unit, were stolen by a group that it claims is a "highly sophisticated state-sponsored adversary".

The company offered no evidence for its claim in a statement published on Tuesday. It said it was offering counter-measures in a GitHub repository.

"We do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them," the company said.

"[Because of this] FireEye is releasing hundreds of counter-measures... to enable the broader security community to protect themselves against these tools."

Unknown attackers stole a trove of exploits from the NSA and exposed them on the Web in 2016. To date, despite an investigation that had been running for 15 months as of November 2017, the NSA has no idea who stole its wares.

One of those exploits, known as EternalBlue, turned up in a number of malware attacks after the theft, including WannaCry, the ransomware that spread globally in May 2017.

FireEye, which is valued at about US$3.5 billion (A$4.72 billion), lost about 7% of its value on the stock market in trading after hours.

FireEye chief executive Kevin Mandia said: "We have incorporated the countermeasures in our FireEye products — and shared these countermeasures with partners, government agencies — to significantly limit the ability of the bad actor to exploit the Red Team tools."

Mandia, who owned Mandiant, an incident response firm that was acquired by FireEye in 2014, and who is one of those in the security industry never backward in attributing attacks to different countries, did not make any attribution this time.

The statement said: "We have been performing Red Team assessments for customers around the world for over 15 years. In that time, we have built up a set of scripts, tools, scanners, and techniques to help improve our clients’ security postures. Unfortunately, these tools were stolen by a highly sophisticated attacker.

"The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit.

"Many of the Red Team tools have already been released to the community and are already distributed in our open-source virtual machine, CommandoVM.

"Some of the tools are publicly available tools modified to evade basic security detection mechanisms. Other tools and frameworks were developed in-house for our Red Team."

FireEye attempted to play down the theft by saying the stolen tools did not contain zero-day exploits.

"The tools apply well-known and documented methods that are used by other red teams around the world. Although we do not believe that this theft will greatly advance the attacker’s overall capabilities, FireEye is doing everything it can to prevent such a scenario.

"It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
