FireEye, a top cybersecurity company involved in the detection and prevention of cyber attacks and in cybersecurity-related assessments around the world, has announced that its Red Team tools have been hacked and that a nation-state actor is responsible.
Red Team tools are designed to mimic the tactics of malicious actors and are used by organized groups of security professionals to detect security vulnerabilities in an organization. For malicious actors, the advantage of using stolen tools is the ability to hide their tracks and maintain plausible deniability.
FireEye states that they don’t know whether malicious actors are planning to publicly disclose the tools or use the tools themselves in attacks. Some of the accessed tools are publicly available, while others were developed for use in-house. Specifically, FireEye reports that malicious actors primarily sought information related to their government customers and that certain Red Team tools used to assess client security were accessed. They stated that although there is no evidence that these tools have yet been exploited, they are “proactively releasing methods and means to detect the use of our stolen Red Team tools.”
The New York Times refers to this hack as “the biggest known theft of cybersecurity tools since those of the National Security Agency were purloined in 2016 by a still-unidentified group that calls itself the ShadowBrokers.”