FireEye hacked: tools stolen: Russia?
Guest formerly known as unregistered Guest999. (Could someone please provide the link. Yes, pathetic I know.)
NYTimes today says California computer security firm FireEye was hacked and their toolbox of hacks and tricks stolen. Expect future trouble employing the stolen FireEye code. They say the scale of attack indicates a state-level actor: Russia suspected.
(Not believed related to not nearly high tech 'time-stamping' plug-ins installed, but adamantly NOT always employed for deceptive purposes, by ToF.)
It was reported today that Russian officials are warning citizens to avoid alcohol for at least 2 months after receiving the country’s Sputnik V #COVID19 vaccine. Hackers are often fueled by rage, so the timing of these two announcements might just be related.
FireEye's Own Blog Entry About the Hack
Seattle Times Report About FireEye Hack
I don’t see anything in FireEye’s report indicating that it was done by Russians. Where is that coming from?
Whenever we have problems, blame Russia or China; easier than admitting that Utopia has problems.
According to FireEye nothing confidential was obtained through the breach. There are no indications that they accessed any customer information. FireEye has published a list of vulnerabilities that the stolen tools exploit: https://github.com/fireeye/red_team_too ... m_tools.md
It's not a devastating intrusion, and while it's embarrassing for them it also highlights that nobody is immune against state sponsored advanced persistent threats.
Nobody is immune against state-sponsored advanced persistent threats, that much is true. FireEye yelling that the adversary deployed super-1337 hacking skills to pwn it is something yet to be seen. The majority of breaches are due to simple misconfigurations or a missing security patch.
As a cybersecurity firm they should have sound defense-in-depth plus proper monitoring, which might account for the fact that no crucial data has been stolen.
There is a lot of finger pointing at Russia in this New York Times piece, though it seems mostly to be educated guesswork rather than evidence-backed.
https://www.nytimes.com/2020/12/08/tech ... sians.html
The misconfigured is an easy target.
The Australians were slow to recognise their vulnerable systems, but being the lucky country they have been lucky not to have as much to lose as, say, the USA.
Here is some more info on what was in a FireEye GitHub account: https://labs.bishopfox.com/industry-blo ... pen-source
Looks like your typical red team tooling with some tweaks / anti-av measures. Vulns/exploits are all well known. Let's see if the attackers release anything more damaging.
The news of Russian (state sponsored) hackers just keeps pouring in. Are they just bad at covering their tracks?
"Russian government hackers behind breach at US treasury and commerce departments"
https://www.independent.co.uk/news/worl ... 72639.html
It is the new spying. However, attribution is not as easy as in the Cold War days. Hackers can impersonate each other, share infrastructure, and copy/borrow/buy each other's tools. As it is relatively risk-free, any country is engaged in it.
So for every Russian story that is published you have equal Chinese, American, Israeli etc operations. Their targets don't notice or they don't write for English media. The most recent story I remember is NSA spying on the EU through Denmark.
Src. https://www.thelocal.dk/20201117/us-acc ... industries
They got pwned by a supply-chain attack. The compromised vendor: SolarWinds.
A trojanized update deployed a (signed) DLL-based backdoor. The attackers had the ability to sign their code with a valid SolarWinds key. To evade detection the DLL remained dormant for some time. Once active it would store recon output in legit SolarWinds files on the compromised system. Multiple companies and government systems were infected.
Advisory: https://www.solarwinds.com/securityadvisory
Technical writeup and detection rules:
https://www.fireeye.com/blog/threat-res ... kdoor.html
Place your bets on attribution: was it China? Iran? Russia? North Korea? Or done for the lulz?
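The post above turns on one distinction: the backdoored DLL carried a valid SolarWinds signature, so "is it signed by the vendor?" answered yes for a build that had been trojanized inside the vendor's own pipeline. The following Go program is an added example, not code from the thread, from FireEye or from SolarWinds. It models an update verifier with two separate controls: a vendor signature over a file manifest, and a comparison of each shipped file against reference hashes obtained independently of the vendor's build system. File names, file contents and the vendor key are constructed for the demo, and ed25519 stands in for the Authenticode signing used on real Windows binaries.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Artifact is one file in an update package; names and bytes here are constructed placeholders.
type Artifact struct {
	Name string
	Data []byte
}

// Verdict keeps the two controls separate so the caller sees which one rejected the update.
type Verdict struct {
	SignatureOK bool     // vendor signature valid and shipped files reproduce the signed manifest
	HashesOK    bool     // every file matches a hash obtained independently of the vendor pipeline
	Reasons     []string // why a control failed, if it did
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// BuildManifest returns a deterministic "name sha256" listing, the document the
// vendor signs (standing in here for an Authenticode-signed catalog).
func BuildManifest(files []Artifact) []byte {
	lines := make([]string, 0, len(files))
	for _, f := range files {
		lines = append(lines, f.Name+" "+sha256Hex(f.Data))
	}
	sort.Strings(lines)
	return []byte(strings.Join(lines, "\n") + "\n")
}

// VerifyUpdate runs both controls. A build trojanized inside the vendor's own
// pipeline and signed with the genuine key passes the signature control and is
// caught only by the independent hash control.
func VerifyUpdate(pub ed25519.PublicKey, manifest, sig []byte, files []Artifact, independent map[string]string) Verdict {
	v := Verdict{SignatureOK: true, HashesOK: true}
	if !ed25519.Verify(pub, manifest, sig) {
		v.SignatureOK = false
		v.Reasons = append(v.Reasons, "manifest signature invalid")
	}
	if string(BuildManifest(files)) != string(manifest) {
		v.SignatureOK = false
		v.Reasons = append(v.Reasons, "shipped files do not match the signed manifest")
	}
	for _, f := range files {
		if want, ok := independent[f.Name]; !ok || want != sha256Hex(f.Data) {
			v.HashesOK = false
			v.Reasons = append(v.Reasons, f.Name+": differs from the independent reference hash")
		}
	}
	return v
}

// Scenario signs three updates with one freshly generated vendor key: a clean build,
// a build trojanized in the pipeline and signed with the real key, and a file
// swapped after signing by someone without the key.
func Scenario() (clean, trojan, tampered Verdict, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	genuine := []Artifact{
		{"Core.BusinessLayer.dll", []byte("MZ genuine business layer build")},
		{"Orion.Web.dll", []byte("MZ genuine web front end build")},
	}
	// Reference hashes from outside the vendor's build system, e.g. a reproducible
	// build by a second party or hashes recorded before the compromise.
	reference := map[string]string{}
	for _, f := range genuine {
		reference[f.Name] = sha256Hex(f.Data)
	}
	m := BuildManifest(genuine)
	clean = VerifyUpdate(pub, m, ed25519.Sign(priv, m), genuine, reference)

	// Attacker inside the pipeline appends a backdoor and signs with the vendor's own key.
	backdoored := append(append([]byte{}, genuine[0].Data...), " +dormant backdoor"...)
	trojaned := []Artifact{{genuine[0].Name, backdoored}, genuine[1]}
	mt := BuildManifest(trojaned)
	trojan = VerifyUpdate(pub, mt, ed25519.Sign(priv, mt), trojaned, reference)

	// Attacker without the key swaps a file after signing: the old manifest no longer matches.
	swapped := []Artifact{genuine[0], {genuine[1].Name, []byte("MZ swapped in transit")}}
	tampered = VerifyUpdate(pub, m, ed25519.Sign(priv, m), swapped, reference)
	return
}

func main() {
	clean, trojan, tampered, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("clean:    %+v\ntrojaned: %+v\nswapped:  %+v\n", clean, trojan, tampered)
}
```

The second control only helps when the reference hashes come from somewhere the attacker did not control; hashes published by the same compromised pipeline would simply match the backdoored build. After disclosure the same per-file comparison is what a responder runs in reverse, against the indicators in a vendor advisory, to find hosts that already installed the trojanized update.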
FireEye says Russian gov now.
https://www.nbcnews.com/news/us-news/ru ... e-n1251057
China & N-Korea don't need to steal the tools, they do have unlimited human resources as well as (at least China) 99% of the world using China tools, so sufficient intruder potential already installed.
Iran is not that sophisticated, more brute religious related attacks.
Russia lacks both the resources (Human and money) as well as the core deep tech knowledge China has.
Western countries: They don't have the knowledge, let alone the desire to do these attacks.
So, yeah, obviously Russia.......