Recently the world of cyber was shaken by a historic incident that might fundamentally change the cybersecurity domain. FireEye was breached by an unknown APT group, which managed to steal the vendor's Red Team tools and access sensitive data associated with government clients. FireEye's network was breached in the course of a massive supply chain attack powered by the new Sunburst backdoor, which has already made top headlines in the media. The investigation of this advanced threat reveals that the backdoor was used to penetrate US government agencies, as well as US Fortune 500 enterprises.
Multiple Sigma rules designed to detect the Sunburst backdoor and possible abuse of the FireEye Red Team tools are already available on our Threat Detection Marketplace. The SOC Prime Team, in collaboration with our Threat Bounty Program community, constantly updates the list of rules related to the FireEye breach. Get a subscription now to reach the most relevant SOC content and stay tuned for the current Sunburst countermeasures.
Check out more related posts in our blog containing direct links to the curated SOC content on the Threat Detection Marketplace: