FireEye, a California-based cybersecurity firm that provides businesses with hardware and software tools to detect malware, disclosed in early December 2020 that it had been infiltrated by a highly sophisticated, state-sponsored adversary. The attackers stole a range of its Red Team assessment tools, from simple scripts used to automate reconnaissance to entire penetration-testing frameworks similar to publicly available ones such as Cobalt Strike and Metasploit. The FireEye tools are “designed to replicate the most sophisticated hacking tools in the world”; FireEye uses them to look for vulnerabilities in its clients’ systems and kept them in a closely guarded digital vault. FireEye has stated that the stolen tools contain no zero-day exploits, and it quickly published detection methods (signatures for YARA, Snort, ClamAV and its own HX endpoint product) so that defenders can check whether the tools have been used against their environments.
In light of this breach, we recognise that our clients may naturally be concerned about both their own and their IT support provider’s infrastructure security. We have used a product created by our trusted partner, Datto, that leverages FireEye’s published detection methods, and have successfully used the scanner to confirm that there are no indicators that the stolen tools are being used, or have been used, on our own infrastructure.
Now is the time to remain vigilant and take an active role in hardening your systems against these now-known penetration tactics. Implement preventative measures such as enabling two-factor authentication (2FA), assessing your environment for known vulnerabilities and patching them, and asking your key vendors whether they have assessed and protected their own systems. We are now in the process of contacting all our managed IT service clients and offering a free infrastructure scan.