Submitted URL: https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
Effective URL: https://www.mandiant.com/resources/blog/unauthorized-access-of-fireeye-red-team-tools
Threat Research


UNAUTHORIZED ACCESS OF FIREEYE RED TEAM TOOLS

FireEye
Dec 08, 2020

OVERVIEW

A highly sophisticated state-sponsored adversary stole FireEye Red Team tools.
Because we believe that an adversary possesses these tools, and we do not know
whether the attacker intends to use the stolen tools themselves or publicly
disclose them, FireEye is releasing hundreds of countermeasures with this blog
post to enable the broader security community to protect themselves against
these tools. We have incorporated the countermeasures into our FireEye products
and shared them with partners and government agencies to significantly limit
the ability of the bad actor to exploit the Red Team tools.

You can find a list of the countermeasures on the FireEye GitHub repository
found here.

RED TEAM TOOLS AND TECHNIQUES

A Red Team is a group of security professionals authorized and organized to
mimic a potential adversary’s attack or exploitation capabilities against an
enterprise’s security posture. Our Red Team’s objective is to improve enterprise
cyber security by demonstrating the impacts of successful attacks and by showing
the defenders (i.e., the Blue Team) how to counter them in an operational
environment. We have been performing Red Team assessments for customers around
the world for over 15 years. In that time, we have built up a set of scripts,
tools, scanners, and techniques to help improve our clients’ security postures.
Unfortunately, these tools were stolen by a highly sophisticated attacker.

The stolen tools range from simple scripts used for automating reconnaissance to
entire frameworks that are similar to publicly available technologies such as
Cobalt Strike and Metasploit. Many of the Red Team tools have already been
released to the community and are already distributed in our open-source virtual
machine, Commando VM.

Some of the tools are publicly available tools modified to evade basic security
detection mechanisms. Other tools and frameworks were developed in-house for our
Red Team.

NO ZERO-DAY EXPLOITS OR UNKNOWN TECHNIQUES

The Red Team tools stolen by the attacker did not contain zero-day exploits. The
tools apply well-known and documented methods that are used by other red teams
around the world. Although we do not believe that this theft will greatly
advance the attacker's overall capabilities, FireEye is doing everything it can
to prevent such a scenario.

It’s important to note that FireEye has not seen these tools disseminated or
used by any adversaries, and we will continue to monitor for any such activity
along with our security partners.

DETECTIONS TO HELP THE COMMUNITY

To empower the community to detect these tools, we are publishing
countermeasures to help organizations identify these tools if they appear in the
wild. In response to the theft of our Red Team tools, we have released hundreds
of countermeasures in formats consumed by publicly available technologies such
as OpenIOC, YARA, Snort, and ClamAV.

A list of the countermeasures is available on the FireEye GitHub repository
found here. We are releasing detections now and will continue to update the
public repository with overlapping countermeasures for host, network, and
file-based indicators as we develop new or refine existing detections. In
addition, the GitHub page includes a list of CVEs that should be patched to
limit the effectiveness of the Red Team tools.
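To make concrete what a file-based countermeasure of the kind described above looks like, here is an added example of ClamAV-style signature matching in Python. It is not FireEye's or Mandiant's code and nothing in it comes from their repository: the .hdb and .ndb line formats are the real ClamAV formats, but the signature names, hex patterns and the two sample byte buffers are constructed for illustration only. It shows why a body signature with wildcards keeps matching after a trivial edit of the kind the post alludes to (a public tool "modified to evade basic security detection mechanisms"), where a file-hash signature stops matching.

```python
"""
ClamAV-style body-signature matching, written as an added example for this
page. It is not FireEye/Mandiant code, and every signature and sample buffer
below is constructed for illustration; none is a real countermeasure from the
FireEye GitHub repository.

Two ClamAV database line formats are modelled:
  .hdb  "MD5:FileSize:SigName"                   (hash match, brittle)
  .ndb  "SigName:TargetType:Offset:HexSignature"  (body match, survives edits)
The .ndb hex-signature grammar supported here is the common subset:
  hex byte pairs, '??' (any one byte) and '*' (any run of bytes).
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Signature:
    name: str
    target_type: int       # ClamAV target type: 0 = any file, 1 = PE
    offset: str            # "*" = anywhere, otherwise a decimal absolute offset
    pattern: re.Pattern    # compiled bytes regex derived from the hex signature


def hexsig_to_regex(hexsig: str) -> re.Pattern:
    """Translate the supported .ndb hex-signature subset into a bytes regex."""
    parts = []
    i = 0
    while i < len(hexsig):
        if hexsig[i] == "*":
            parts.append(b".*?")          # any number of bytes, non-greedy
            i += 1
        elif hexsig[i:i + 2] == "??":
            parts.append(b".")            # exactly one arbitrary byte
            i += 2
        else:
            pair = hexsig[i:i + 2]
            if len(pair) != 2 or not all(c in "0123456789abcdefABCDEF" for c in pair):
                raise ValueError(f"unsupported token at {i}: {hexsig[i:]!r}")
            parts.append(re.escape(bytes([int(pair, 16)])))
            i += 2
    return re.compile(b"".join(parts), re.DOTALL)


def parse_ndb_line(line: str) -> Signature:
    """Parse one .ndb line; trailing MinFL/MaxFL fields, if present, are ignored."""
    name, target, offset, rest = line.strip().split(":", 3)
    hexsig = rest.split(":")[0]
    return Signature(name, int(target), offset, hexsig_to_regex(hexsig))


def scan(data: bytes, sigs: list[Signature]) -> list[str]:
    """Return the names of all body signatures that match `data`, in db order."""
    hits = []
    for s in sigs:
        if s.offset == "*":
            found = s.pattern.search(data)
        else:
            found = s.pattern.match(data, int(s.offset))  # anchored at offset
        if found:
            hits.append(s.name)
    return hits


def hash_match(data: bytes, hdb: list[str]):
    """Return the .hdb signature name whose MD5 and size match `data`, else None."""
    digest = hashlib.md5(data).hexdigest()
    for line in hdb:
        md5, size, name = line.strip().split(":")
        if md5 == digest and int(size) == len(data):
            return name
    return None


# Constructed sample "tool" bytes: a fake PE stub naming LoadLibraryA and
# carrying a command string. Not a real binary.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 12
            + b"LoadLibraryA\x00VirtualAlloc\x00cmd.exe /c whoami\x00")
# The same "tool" after a trivial evasion edit: one import renamed (A -> W)
# and seven NOP bytes inserted. Every hash of the file changes.
MODIFIED = (b"MZ\x90\x00" + b"\x00" * 12
            + b"LoadLibraryW\x00" + b"\x90" * 7
            + b"VirtualAlloc\x00cmd.exe /c whoami\x00")

# Constructed signatures (illustrative names, not real FireEye countermeasures).
HASH_DB = [f"{hashlib.md5(ORIGINAL).hexdigest()}:{len(ORIGINAL)}:Example.Tool.Stager.md5"]
SIGNATURES = [parse_ndb_line(line) for line in (
    # 'MZ' anchored at offset 0 of a PE file (target type 1)
    "Example.PE.Stub:1:0:4d5a",
    # "LoadLibrary" + any one byte + anything + "cmd.exe", anywhere in any file
    "Example.Tool.Stager:0:*:4c6f61644c696272617279??*636d642e657865",
)]


if __name__ == "__main__":
    for label, blob in (("original", ORIGINAL), ("modified", MODIFIED)):
        print(f"{label:9s} hash match: {hash_match(blob, HASH_DB)!s:28s} "
              f"body matches: {scan(blob, SIGNATURES)}")
```

Running it shows the hash entry matching only the original buffer while both body signatures match the original and the modified buffer. Real ClamAV signatures also support `{n-m}` byte ranges, alternation and anchoring tokens that this subset omits, and a production scanner would apply target-type filtering and file-type detection before matching; the same overlap of hash, body and network indicators is why the repository described above publishes more than one countermeasure per tool.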

FIREEYE PRODUCTS PROTECT CUSTOMERS AGAINST THESE TOOLS

Teams across FireEye have worked to build the countermeasures to protect our
customers and the broader community. We have incorporated these countermeasures
into our products and shared these countermeasures with our partners, including
the Department of Homeland Security, who have incorporated the countermeasures
into their products to provide broad coverage for the community.

More information on the detection signatures available can be found in the
GitHub repository.
