The company says none of the stolen tools include zero-day exploits, meaning exploits for vulnerabilities that don’t yet have a fix. There’s also no evidence yet to suggest the tools have been used in the wild, or that whoever was behind the attack was able to obtain any client data. But just to be safe, FireEye has shared countermeasures that can detect or block the use of its stolen tools. Those countermeasures are publicly available on GitHub. The company is also working with Microsoft and the FBI to investigate what happened. “We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them,” Mandia said.
According to The Washington Post, APT29 (otherwise known as Cozy Bear), a hacker group that’s believed to be associated with Russia’s Foreign Intelligence Service, is likely behind the attack. That’s the same group that hacked the servers of the Democratic National Committee ahead of the 2016 presidential election.
“This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques,” a Microsoft spokesperson told Reuters.
As The New York Times points out, this is the largest known theft of cybersecurity tools since the National Security Agency was hacked by a group known as The Shadow Brokers. Out of that attack came WannaCry, which Russia and North Korea used to conduct ransomware attacks on hospitals, businesses and other organizations.