A Russian government agency, the SVR (Foreign Intelligence Service), hacked into FireEye and accessed hundreds of FireEye’s pen testing tools. The SVR now has insight into how FireEye evaluates weaknesses in its customers’ systems.
FireEye’s service is to deploy suspicious files into a safe environment to see if they are dangerous, so FireEye was able to update its customers’ systems to detect attacks that use the stolen tool set.
This attack appears to be part of the same campaign as SolarWinds.
What this means for you:
The tech supply chain is compromised by well-funded state actors.
If you are a FireEye customer, you are likely already protected against attacks by their tools. Continue to follow their guidance for protecting your systems.
You must include high-tech supply-chain (cloud) providers in your third-party risk management (TPRM) program.
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.