Scanning across all the news, the FireEye hack is an incident worth highlighting, and more importantly, so are the lessons we can learn from it. Let's get real: being a cyberthreat hunter and still getting hacked is the result; what really matters is what is actually going on, namely that a company supposed to possess the global capability to provide cyberthreat defense is itself one of the victims.
Whether or not it was a high-level, state-sponsored and state-initiated attack, let us put that aside.
FireEye's Red Team assessment tools were stolen, and the intended use is unknown. We can make educated guesses: most likely they will be used to create malware that exploits common vulnerabilities, or to tweak existing malware to bypass cyber defenses, or something similar. The impact of the hack is huge mainly because this is not a typical corporation being hacked, but specialists and experts who provide cyber defence protection services. If they can be hacked too, imagine the outcome if the same group of hackers targets a typical corporation.
Some companies may still be at the vulnerability assessment and penetration testing stage, but the whole world is moving toward performing cyber defense via cyber offense and the formation of red team operations. This is reflected in the many corporations and government agencies that have changed their naming and organizational units to match. At the same time, dark web trading is also real, and a threat to major global corporations and government agencies.
Typically, when a hack is carried out for the purpose of stealing tools, we can expect the next step related to the incident to surface in the near future. Who will be the next series of targets for the stolen tools, or for an improved or enhanced version of them?
How the attackers made use of a SolarWinds software product vulnerability and a backdoor to access the FireEye network is also worth reading about in depth in the cited news. They originally targeted SolarWinds, took advantage of the vulnerability to implant malware, and then simply waited for SolarWinds customers to update their software and receive the malicious Trojan. This two-tier attack required careful planning and intelligence collection in advance, before execution. FireEye may be just one of many that have been hacked, since in reality not many companies will come forward about being hacked and face the reputational damage.
E-SPIN has been in the business of enterprise ICT solution consulting, supply, project management, training and maintenance support for corporations and government agencies across the region where E-SPIN does business, since 2005. Feel free to contact E-SPIN for your cyber offensive and red team operations initiatives and requirements.