Thread by @Bing_Chris, breaking: cybersecurity firm FireEye has been hacked. In a blog post, CEO [...]

breaking: cybersecurity firm FireEye has been hacked. In a blog post, CEO Kevin Mandia said a highly sophisticated foreign nation-state attack resulted in the theft of internal hacking tools (Red Team kits)

It is unclear:
-how conducted the hack
-which software systems are affected
-when the intrusion occurred
-what the attackers motive is https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools

FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that is has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking...

https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

The FBI and Microsoft are assisting with an internal investigation. FireEye has been privately working with a group of software vendors in recent weeks to share defensive measure. Mandia says no 0days were included.

Hard to measure impact atm. https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools

FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that is has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking...

https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

Mandia said no evidence yet that hackings tool have been deployed in the wild. Also no evidence of customer data being exfiltrated. However, investigators noticed the hackers showed a particular interest in FireEye's government clients. Unclear if that means USG agencies or other

Read the story here as we update it through the day with additional insight: https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools

FireEye, one of the largest cybersecurity companies in the United States, said on Tuesday that is has been hacked, possibly by a government, leading to the theft of an arsenal of internal hacking...

https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI

company blog: https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

FireEye was recently attacked by a nation-state adversary and here are the actions we are taking to protect the community.

https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html

new detection rules: https://github.com/fireeye/red_team_tool_countermeasures

fireeye/red_team_tool_countermeasures

Contribute to fireeye/red_team_tool_countermeasures development by creating an account on GitHub.

https://github.com/fireeye/red_team_tool_countermeasures

official SEC filing: https://investors.fireeye.com/static-files/05bd98cf-59b0-4af1-89f2-89e5c8f783f8

Rare FBI statement confirms investigation...

Some are wondering if FireEye plans to release the threat actor TTPs (allowing others to potentially spot them), I think the answer is no. At least for now.

You can follow @Bing_Chris.

Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: