FireEye reveals theft and data breach of hacking tools

FireEye reveals theft and data breach of hacking tools

American cybersecurity firm FireEye says it was at the end of a recent cyberattack and that it may have been backed by a government-backed hacking operation.

"A highly sophisticated state-sponsored opposition stole the FireEye Red Team," the company said in a December 8 statement. "Because we believe that an adversary has these tools, and we do not know if the attacker himself wants to use the stolen media or reveal it publicly, FireEye launched hundreds of retaliations with this blog post. Allowing the security community at large to protect itself. Against these tools. "

It is not clear at first when the attack occurred, but Reuters quoted a source as telling the publication that the company was resetting users' passwords in the past two weeks. The Federal Bureau of Investigation and Microsoft join to investigate.

"The FBI is investigating the incident, and early indications show that an actor has a high degree of sophistication tailored to the country-state," Deputy Deputy Director of the Cyber ​​Division Matt Gorham told Reuters.

FireEye claims that the stolen devices range from simple scripts used to automate participation, automating the entire structure similar to publicly available technologies like CobaltreeStrike and Metasploit. Many of the Red Team tools have already been released to the community and are already distributed in the company's open source virtual machine, Commando VM.

FireEye says there is no evidence yet that the devices are being used by the threat actors. A list of counter notifications is available on the FireEye GitHub repository.