According to a press release from FireEye, unknown attackers recently stole the tools the security company uses to test its clients' defenses. The company's clients include US government agencies and other organizations that have either been the target of cyberattacks or want to improve their protection.
FireEye states that so far there is no evidence that the stolen tools have been used in further attacks. To allow countermeasures to be taken as quickly as possible, FireEye says it wants to provide transparent information about the stolen tools and the vulnerabilities they exploit, which should make it easier to implement direct countermeasures. On the code hosting platform GitHub, FireEye has already published corresponding detection rules for security tools such as ClamAV, Yara and Snort.
Target of the attackers: FireEye's customer data
In addition to the hacking tools, the attackers also tried to copy customer data, according to FireEye's logs. They were particularly interested in the company's government customers. According to FireEye CEO Kevin Mandia, it is not currently assumed that the attackers succeeded in stealing customer data.
According to FireEye, the high level of professionalism of the attack and the choice of targeted data point to state-sponsored hackers. The FBI, which has begun an investigation, shares this suspicion.
Hackers from Russia?
As The Wall Street Journal (WSJ) reports, investigators consider hackers close to Russian intelligence services to be the likely perpetrators. The technical skills of the attackers are an indication that the attack may have been carried out by the same group that stole emails from Hillary Clinton during the 2016 US election campaign in order to harm the Democratic Party candidate. As grounds for this assumption, investigators cite an unusual combination of hacking tools that had already been used in the 2016 attack.
No zero-day exploits included
According to the company's statement, the stolen hacking tools do not include any zero-day exploits. FireEye has since published a list of the vulnerabilities the tools use, including CVE numbers. These mainly concern Cisco network equipment and enterprise products such as VPNs and Confluence, as well as Microsoft products such as Exchange, Active Directory, Outlook and Windows. To close off the stolen attack vectors, updates for these vulnerabilities should now be installed as a priority.