FireEye was attacked by a nation-state hacker team, and some red team tools may have been stolen

FireEye is a well-known network security company in the United States, but even professional network security companies cannot guarantee 100% security for themselves.

Recently, the company was attacked by a nation-state hacker team. In this attack, the hackers' target appeared to be the attack tools used by FireEye's internal red team.

Usually, a security company is divided into a red team and a blue team. The red team is responsible for launching attack tests and the blue team is responsible for defense. Each team has its own research and development technology.

After the successful attack, the hackers immediately zeroed in on the attack tools developed and used by FireEye's internal red team.

FireEye initiated a security response as soon as it detected the attack and mobilized its blue team to defend the company, but even so, the tools used by the red team were still stolen.

“Alexander Bünning, Territory Manager DACH von FireEye, im Gespräch mit Markus Zeitler” by WeissenbachPR is licensed under CC BY-NC 2.0

At present, what worries the outside world most is why this nation-state hacker team stole these tools; the presumption is that the hackers hope to launch new attacks with them.

Industry security sources said that if the hackers leak the tools used by FireEye's red team, more hackers may be drawn to use these professional tools to launch more attacks.

As for the attackers, FireEye stated that its initial assessment is that this is a nation-state hacker team, that is, a professional hacker team funded by a certain country.

The company did not disclose which country is behind the hacker team, but its CEO emphasized that the country has first-class offensive capabilities in cyber attacks.

The Wall Street Journal stated in its report that this national-level hacker team may be a well-known intelligence agency that has also interfered in the US election.

After the attack, FireEye quickly reported to the FBI and requested Microsoft’s help, because FireEye alone may not be able to solve the problem.

This professional hacker team has very sophisticated technical means. It stands to reason that the hacker group may have penetrated the FireEye intranet in some way.

However, FireEye did not disclose when the hacker team entered its intranet or when it launched the attack. For now, it still has to wait for the cooperating agencies to help with the investigation.

In response to this attack, the company has formulated more than 300 security strategies to prevent attackers from using tools stolen from the company to launch attacks on FireEye customers and the community.