The company claims that none of the stolen tools include zero-day exploits (exploits for vulnerabilities that have yet to be patched). There is also no evidence to suggest that the tools were used in the wild, or that anyone behind the attack was able to obtain customer data. But just to be sure, FireEye has shared countermeasures that can detect or block the use of its stolen tools. These countermeasures are publicly available on GitHub. The company is also working with Microsoft and the FBI to investigate what happened. “We don’t know if the attacker intends to use our Red Team tools or disclose them publicly,” Mandia said.
According to The Washington Post, APT29 (otherwise known as Cozy Bear), a group of hackers believed to be associated with the Russian Foreign Intelligence Service, is likely behind the attack. This is the same group that hacked the Democratic National Committee’s servers ahead of the 2016 presidential election.
“This incident shows why the security industry must work together to defend itself and respond to threats posed by well-funded adversaries using new and sophisticated attack techniques,” a Microsoft spokesperson told Reuters.
As The New York Times points out, this is the largest known theft of cybersecurity tools since the National Security Agency was hacked by a group known as The Shadow Brokers. Out of that attack came WannaCry, which Russia and North Korea used to carry out ransomware attacks on hospitals, businesses and other organizations.