Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Connect with our team of offensive security, AI security and pen testing experts at Black Hat Europe 2023. Learn More

Services
Capture
Managed Detection & Response

Eradicate cyberthreats with world-class intel and expertise

twi-cloud-lock-color-svg
Managed Security Services

Expand your team’s capabilities and strengthen your security posture

twi-briefcase-color-svg
Consulting & Professional Services

Tap into our global team of tenured cybersecurity specialists

twi-dashboard-color-svg
Penetration Testing

Subscription- or project-based testing, delivered by global experts

twi-database-color-svg
Database Security

Get ahead of database risk, protect data and exceed compliance requirements

twi-email-color-svg
Email Security & Management

Catch email threats others miss with layered security & maximum control

twi-managed-portal-color
Co-Managed SOC (SIEM)

Eliminate alert fatigue, focus your SecOps team, stop threats fast, and reduce cyber risk

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
The Trustwave Approach
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Platform
SpiderLabs Fusion Center
Security Operations Centers
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Trustwave’s Action Response To the FireEye Data Breach

Update

With the new information and developments released by FireEye, we have published a new blog post that provides an update on the mitigations and action plans we put in place in response to the FireEye red team tools breach and further actions Trustwave is taking as a result of the SolarWinds Orion platform compromise / SUNBURST malware discovery. Please reference this new blog post.

We wanted to share the plans and procedures we’ve put in place in response to the FireEye breach that was made public this week.

As you may be aware, FireEye has explicitly stated that malicious attackers have stolen red team tools, both open-source and FireEye developed, which are commonly utilized for ethical hacking engagements. We commend FireEye for being transparent in their disclosure of the breach and countermeasures in an effort to ensure the security of other organizations across the world.

At this time, there is no evidence or reason to believe that the FireEye breach or the theft of the red teaming tools has impacted any Trustwave customers or partners.

FireEye has also indicated that the attackers attempted to access information on internal systems related to “government customers” specifically, but there has been no evidence of data exfiltration from the affected systems. Additional investigation and adherence to responsible and legally required disclosure policies by FireEye will be required in order for a client-specific impact from these events to be further determined. Until additional disclosures are made to the public, the tactics, techniques and procedures (TTPs) of the threat actor(s) responsible for the breach and indicators of compromise remain unknown.

We are diligently monitoring the situation, and when/if those additional details are released, we will immediately update our signatures and actively monitor and detect any indication of the threat actor(s) within our customers’ assets.

More Security Actions Taking Place:

  • Trustwave Secure Email Gateway (SEG) customers are slated to receive an update early next week to detect the stolen red teaming tools, should they be sent over email.
  • SNORT signatures are also slated to be added early next week to Trustwave IDS devices for detecting typical traffic from these tools.
  • Trustwave is continuously monitoring for the unauthorized usage of the stolen FireEye toolsets within our managed customer environments across geographies.

Trustwave will continue to be transparent, vigilant and collaborative with the security community to protect organizations from any malicious actors that may attempt to utilize these tools.

Latest SpiderLabs Blogs

The 2023 Retail Services Sector Threat Landscape: A Trustwave Threat Intelligence Briefing

The annual holiday shopping season is poised for a surge in spending, a fact well-known to retailers, consumers, and cybercriminals alike. The latter group, however, is poised to exploit any...

Read More

Pwning Electroencephalogram (EEG) Medical Devices by Default

Overall Analysis of Vulnerability Identification – Default Credentials Leading to Remote Code Execution During internal network testing, a document was discovered titled the “XL Security Site...

Read More

Hidden Data Exfiltration Using Time, Literally

I was looking at my watch last week and my attention was moved towards the seconds over at the right of the watch face, incrementing nicely along as you’d expect. Now, I don’t know if I’d just spent...

Read More