• Fireeye Security Red Team Kit stolen by Russia

    From Bob Roberts@700:100/58 to All on Tue Dec 8 16:53:46 2020
    Big news in the cybersecurity world today as Fireeye admitted that a nation-state hacker had broken into their "secure vault" and stolen their Red Team intrusion tool set. Apparently the tool set was built by Fireeye over time using bits and pieces of exploits, so they themselves can perform intrusion testing against clients. While Fireeye won't say, big clues point towards Russia as the culprit.

    The concern is not that these tools are out there, but that their use by bad actors can mask the identity of the attackers, who can typically be identified by the tool set they use. Plus, once they make it to the open market it might make certain exploits more accessible to the broader market.

    Fireeye is releasing over 300 countermeasures that are supposed to nullify the vectors used by their tools... I'm sure there is an easy installer for implementing that (not).

    The attack that allowed access to the tools was apparently very unique...

    I'm looking forward to the details that are sure to come.

    --- SBBSecho 3.11-Linux
    * Origin: Halls of Valhalla =-= Happy Holidays (700:100/58)
  • From poindexter FORTRAN@700:100/20 to Bob Roberts on Wed Dec 9 06:58:00 2020
    Bob Roberts wrote to All <=-

    Big news in the cybersecurity world today as Fireeye admitted that a nation-state hacker had broken into their "secure vault" and stolen
    their Red Team intrusion tool set. Apparently the tool set was built
    by Fireeye over time using bits and pieces of exploits, so they
    themselves can perform intrusion testing against clients. While
    Fireeye won't say, big clues point towards Russia as the culprit.

    Between this and the NSA thefts, someone's building a pretty big kit.
    Probably cheaper than building your own red team. While Russia is a
    perfect usual suspect, how about someone who wants to jump start
    their program and get into the game? Who could that be?




    ... Abandon desire
    --- MultiMail/XT v0.52
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)
  • From Bob Roberts@700:100/58 to poindexter FORTRAN on Thu Dec 10 09:43:00 2020
    Re: Re: Fireeye Security Red Team Kit stolen by Russia
    By: poindexter FORTRAN to Bob Roberts on Wed Dec 09 2020 06:58 am

    Between this and the NSA thefts, someone's building a pretty big kit. Probably cheaper than building your own red team. While Russia is a perfect usual suspect, how about someone who wants to jump start
    their program and get into the game? Who could that be?

    Who are the big names in Cyber warfare these days? My guess:
    Russia, North Korea, China, Iran, Israel, USA, UK.

    Who has aspirations? My guess:
    France, Germany, Syria, Saudi Arabia, Uzbekistan, Poland, Hungary

    There could also be a lot of value in Russia grabbing these tools just to see what exploits are detectable and "well known" in the gray/white hat community.

    --- SBBSecho 3.11-Linux
    * Origin: Halls of Valhalla =-= Happy Holidays (700:100/58)
  • From Ogg@august@kolico.ca to Bob Roberts on Tue Dec 15 19:02:50 2020
    On 12/8/2020 7:53 PM, between "Bob Roberts":
    Big news in the cybersecurity world today as Fireeye admitted that a nation-state hacker had broken into their "secure vault" and stolen
    their Red Team intrusion tool set. ...

    And this "secure" vault was connected to the internet? That's pretty lame.


    I'm looking forward to the details that are sure to come.

    Keep us posted.