The NCCC at the NSDC of Ukraine warns of an increased level of cyber threats due to a cyberattack against FireEye
The leading American cybersecurity company FireEye has suffered a powerful cyberattack, the company’s head reported. As a result of the attack, digital tools were stolen that its Red Team specialists had previously used to detect vulnerabilities in the protection systems of other companies and governments.
The available data on the attack have been forwarded for investigation to the FBI and a number of the company’s key partners, and indicators for detecting signs of the use of the stolen tools have been published (available at https://github.com/fireeye/red_team_tool_countermeasures).
According to FireEye, the stolen tools range from simple scripts that automate target data collection to entire frameworks similar to Cobalt Strike and Metasploit, and do not contain zero-day exploits. They are commonly used to actively check the security status of networks and to simulate cyberattacks during cyber exercises.
Such tools can be used to interfere with networks and information systems and, under certain conditions, can be used as cyber weapons.
According to FireEye, the nature of the hacking indicates a high probability of the involvement of Russia’s intelligence services in this cyberattack.
Given the growing number of incidents recorded by the National Coordination Center for Cybersecurity, this signals an increased level of cyber threats to Ukrainian information systems, especially before the New Year holidays and the possible introduction of restrictions due to quarantine measures.
The National Coordination Center for Cybersecurity, together with key cybersecurity actors, provides information to public authorities and critical infrastructure facilities on how to detect and counter the stolen FireEye tools.
If cyber incidents or signs of a cyberattack are detected, please notify the National Coordination Center for Cybersecurity immediately (firstname.lastname@example.org).