FireEye, a traditional cybersecurity company based in California (USA), revealed, last Tuesday (8), to have been victim of an attack apparently designed by state agents. According to a statement published on its official blog, the company had several proprietary red team tools stolen by the attackers – luckily, it seems, this content is not yet being shared on the web.
Red team tools are, in short, resources used to test your customers’ cyber defense – which, in the case of FireEye, includes multinationals and federal, state and local government agencies. We are talking about scripts, scanners and other resources capable of identifying vulnerabilities in systems, mimicking the action of real criminals, to provide the blue team with an insight into unsafe points in systems.
Stolen tools range from simple scripts used to automate recognition to entire frameworks that are similar to publicly available technologies, such as CobaltStrike and Metasploit. Many of the red team tools have already been released to the community and are already distributed on our open source virtual machine, CommandoVM ”, explained FireEye.
Jake Williams, a former National Security Agency (NSA) agent and president of Rendition Infosec, told The Guardian that the modus operandi of the invaders reminds a lot of the action tactics of hacking groups of the Russian government. It is difficult to know whether malicious agents intend to use the tools offensively against key targets or whether they want to make them available to the public – both possibilities are worrying.
“To enable the community to detect these tools, we are publishing countermeasures to help organizations identify these tools if they are identified. In response to the theft of our red team tools, we launched hundreds of countermeasures for publicly available technologies such as OpenIOC, Yara, Snort and ClamAV ”, adds FireEye.
The brand also ensures that none of its tools make use of zero-day vulnerabilities, based only on known loopholes and known invasion tactics in the sector. All the countermeasures announced were hosted on the company’s GitHub and are being incorporated into defense solutions for critical customers, such as the United States Department of Homeland Security.
See the original post at: https://thehack.com.br/fireeye-e-invadida-por-supostos-hackers-estatais-e-tem-ferramentas-de-red-team-roubadas/?rand=48873