FireEye's swift reaction to its breach on Tuesday allowed Jamf Protect to react quickly, as well.
December 9, 2020 by Stuart Ashenbrenner

FireEye Breach: What you need to know

Tuesday's FireEye breach left many in the security world reeling. Here's who did it, how FireEye responded, and how Jamf Protect moved quickly to protect its customers.

On Tuesday, The New York Times reported that the highly respected cybersecurity firm FireEye was breached. From the piece:

"Hackers could leverage FireEye’s tools to hack risky, high-profile targets with plausible deniability. In risky environments, you don’t want to burn your best tools, so this gives advanced adversaries a way to use someone else’s tools without burning their best capabilities."

— Patrick Wardle, principal security researcher at Jamf

As FireEye is a trusted leader in cybersecurity, this sent a shockwave across the tech industry.

Nation-State Actors

According to The Washington Post, the nation-state actors are reported to be the known hacker group APT29, also called Cozy Bear, which is attributed to Russia's SVR foreign intelligence service. The group, which made news in July for attempting to steal coronavirus vaccine research, penetrated FireEye's systems and was said to be seeking the company's "Red Team Tools."

These nation-state actors are highly sophisticated, and given enough time and persistence, the odds that they get into a system they are determined to access are high. Nation-state intrusions have not been operating-system-specific, and with groups like Cozy Bear or APT38/Lazarus active, quick public disclosure becomes increasingly important.

The offensive FireEye tools they were after

These tools are used on the "offense" side of security: they imitate the tooling a real attacker might use and, with the permission of the vendors being tested, are run against their systems to search for vulnerabilities. Such tools are arguably among the most sensitive data held by cybersecurity firms, second only to customer data.

FireEye's swift response

Although the hack was certainly eye-opening, FireEye disclosed the breach quickly and publicly, publishing YARA rules for these tools, along with other countermeasures, on GitHub. This allowed others in the cybersecurity space to quickly monitor for the tools the hackers had gained access to: the defense to their offense.

Jamf Protect has you covered

Fortunately, with tools like Jamf Protect, you can leave the security of your devices to Jamf and your IT department. Jamf Protect began implementing the single macOS-specific YARA rule into its production pipeline the day FireEye disclosed the information about the breach. The Jamf Protect team will continue to monitor for these tools and will update the rule as needed.

Ways enterprise can protect itself

As malware in the macOS ecosystem is still on the rise, it becomes ever more important to take steps to secure devices. In addition to using tools like Jamf Protect, there are steps and precautions you can take to make certain your devices are as secure as possible:

Jamf can help

Combining these steps with an endpoint security solution like Jamf Protect will help keep your devices secure, all while maintaining minimal impact on end users and providing a better user experience.

Jamf Protect uses monitoring, heuristic analysis, threat detection, threat prevention, and threat remediation to guard your Apple fleet against potential threats, and offers same-day support for new Apple releases.

Get Jamf Protect's proactive endpoint protection today.
