US security company FireEye has been hit by nation-state hackers. Programs and scripts that the company uses to simulate attacks and test customer defenses have been stolen.
In the attack on FireEye, sophisticated state-sponsored hackers stole the tools of the security firm’s so-called Red Team. According to the company, these include attack techniques ranging from scripts used to find holes in corporate network defenses to entire frameworks comparable to publicly available pentesting suites such as Cobalt Strike and Metasploit.
FireEye reports that it does not know whether the attackers intend to use the tools themselves or to make them public. The company says that, in any case, there are no indications that the techniques have been used by third parties. According to FireEye, the tools do not rely on zero-day exploits, methods that take advantage of undisclosed vulnerabilities, and FireEye itself had already made some of the techniques available earlier.
FireEye says it has published hundreds of countermeasures to combat abuse of the stolen tools. The company has collected these on a GitHub page and promises to expand the list. In addition, it has provided the countermeasures to customers, partners and the US Department of Homeland Security. FireEye is one of the world’s largest security companies. Companies of this kind develop attack techniques themselves so that Red Teams can use them in exercises against Blue Teams, which have to defend against network attacks.