Security News

Prominent U.S. cybersecurity firm FireEye said Tuesday that foreign government hackers with "World-class capabilities" broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state and local governments and top global corporations. Neither Mandia nor a FireEye spokeswoman said when the company detected the hack or who might be responsible.

Cybersecurity corp FireEye has confessed its most secure servers have been compromised, almost certainly by state-backed hackers who then made away with its proprietary hacking tools. "Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack," a memo by its CEO Kevin Mandia on Tuesday read. The tools stolen are used by FireEye to test their customers' networks to find potential security holes, making it doubly embarrassing for the tech giant because, presumably, it uses its own tools to make sure its networks are secure.

Cybersecurity powerhouse FireEye late Tuesday acknowledged that a "Highly sophisticated" threat actor broke into its corporate network and stole a range of automated hacking tools and scripts. "Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools," FireEye said in a blog post announcing the intrusion.

The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers' security. "The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination."

Leading cybersecurity company FireEye disclosed today that it was hacked by a threat actor showing all the signs of a state-sponsored hacking group. The attackers were able to steal Red Team assessment tools FireEye uses to test customers' security and designed to mimic tools used by many cyber threat actors.

FireEye on Thursday announced a $400 million strategic investment led by investment giant Blackstone, which the company says will be used to support growth initiatives, including the acquisition of Respond Software, also announced on Thursday. FireEye said it paid roughly $186 million in a combination of cash and stock to acquire Respond in a transaction that closed on November 18, 2020.

FireEye Mandiant has delivered its cyber landscape predictions for the coming year, including growing and affiliate-supported espionage, increased targeting of OT by ransomware, and continued targeting of healthcare. There have been many recent stories about espionage attacks targeting COVID vaccine research- but FireEye Mandiant sees cyber espionage evolving and increasing across the globe.

After six months of the so-called new normal, are you ready to take a breath? Or are you acutely aware that the real threats to your organization are only now becoming clear? The shift to home and remote working has ripped off the band-aids companies have been slapping over long-ignored vulnerabilities, and forced them to confront data security and compliance challenges head on.

In developing its ICS ATT&CK matrix, MITRE stressed that it is necessary to understand both Enterprise ATT&CK and ICS ATT&CK to accurately track threat actor behaviors across OT incidents. "Over the past 5 to 10 years," Nathan Brubaker, senior manager at Mandiant Threat Intelligence told SecurityWeek, "Every sophisticated ICS attack instance we have observed has passed through these intermediary systems on their way to impacting ICS. This includes malware like Stuxnet, Triton and most others. Ninety to ninety-five percent of threat actor activity occurs on these intermediary systems." So that's the most likely place you're going to find ICS attackers, and the best opportunity to stop them.

FireEye announced the formation of Mandiant Solutions. "The purpose of the Mandiant Solutions group is to bring new, controls-agnostic offerings to market that are applicable to every security team. This marks the beginning of our multi-step journey to augment and automate global security teams with more of the actionable data from our front lines, regardless of their SIEM or controls."