7 comments

[ 0.17 ms ] story [ 22.0 ms ] thread
I always read "Breached by Nation-State Hackers" as "we have no idea what happened, but do not want to look stupid for considering security a cost center, and cost cutting it to the max"

I am rarely wrong in this.

This is exactly how we always put it.
That’s usually the case, but it’s also true that nation-states do hack companies. A large cybersecurity firm being attacked for details of their government clients does sound like something a nation-state would be interested in. If you’re trying to make money that doesn’t seem like the most straightforward route.
Also, it's great/free advertising. The more stories of cyber threats out there, the better for your bottom line.

Not saying that the cyber threat isn't real, it is real. Just saying the free publicity is great for these cybersecurity companies.

Pretty big set of Yara signatures from FireEye to help detect their stolen tools in the wild.

https://github.com/fireeye/red_team_tool_countermeasures

If even their tools were stolen, how the hell can they claim "no customer data was accessed"?
Totally different buckets. The tools need to be accessible to basically every red team employee, while customer data only needs to be accessible to sales and some portion of the consultant teams.