FireEye's revelation earlier this week that it had been infiltrated by a nation-state hacking operation that stole its red-team hacking tools served as a chilling reminder to the security industry that no one is impermeable to an attack — not even a major incident response company more accustomed to probing and cleaning up the breaches of other high-profile organizations.
Several reports and sources say Russia's SVR foreign intelligence service, aka APT 29 or Cozy Bear, was the perpetrator. There are still plenty of unknowns about the attack: how the attackers got initial access to FireEye's systems, what defenses they bypassed and how, whether any Windows zero-days were used, and what internal information, if any, they accessed on what FireEye CEO Kevin Mandia described as their ultimate target: "certain government customers" of the company.
While FireEye attempted to defang the attackers' ability to use its tools in attacks by publishing detailed mitigations, experts say APT29/Cozy Bear could use the purloined red-team tools to glean intel on FireEye's clients' weaknesses, or even as a means to cause confusion and sow distrust — trademarks of Russian intelligence — in FireEye and the tools themselves.
There's also a risk that organizations not tuned into the FireEye breach could mistake Russian intel-controlled red-team maneuvers for legitimate FireEye red-team activity, notes Steve Ryan, former deputy director of the National Security Agency.