Submitted URL: https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
Effective URL: https://www.mandiant.com/resources/blog/unauthorized-access-of-fireeye-red-team-tools
Unauthorized Access of FireEye Red Team Tools
Threat Research
FireEye
Dec 08, 2020
3 mins read

OVERVIEW

A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools. We have incorporated the countermeasures in our FireEye products and shared them with partners and government agencies to significantly limit the ability of the bad actor to exploit the Red Team tools. You can find a list of the countermeasures on the FireEye GitHub repository.

RED TEAM TOOLS AND TECHNIQUES

A Red Team is a group of security professionals authorized and organized to mimic a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. Our Red Team’s objective is to improve enterprise cyber security by demonstrating the impacts of successful attacks and by showing the defenders (i.e., the Blue Team) how to counter them in an operational environment. We have been performing Red Team assessments for customers around the world for over 15 years. In that time, we have built up a set of scripts, tools, scanners, and techniques to help improve our clients’ security postures. Unfortunately, these tools were stolen by a highly sophisticated attacker.

The stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit. Many of the Red Team tools have already been released to the community and are already distributed in our open-source virtual machine, CommandoVM. Some of the tools are publicly available tools modified to evade basic security detection mechanisms. Other tools and frameworks were developed in-house for our Red Team.

NO ZERO-DAY EXPLOITS OR UNKNOWN TECHNIQUES

The Red Team tools stolen by the attacker did not contain zero-day exploits. The tools apply well-known and documented methods that are used by other red teams around the world. Although we do not believe that this theft will greatly advance the attacker’s overall capabilities, FireEye is doing everything it can to prevent such a scenario. It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners.

DETECTIONS TO HELP THE COMMUNITY

To empower the community to detect these tools, we are publishing countermeasures to help organizations identify these tools if they appear in the wild. In response to the theft of our Red Team tools, we have released hundreds of countermeasures for publicly available technologies like OpenIOC, Yara, Snort, and ClamAV. A list of the countermeasures is available on the FireEye GitHub repository. We are releasing detections and will continue to update the public repository with overlapping countermeasures for host, network, and file-based indicators as we develop new or refine existing detections. In addition, we are publishing on the GitHub page a list of CVEs that need to be addressed to limit the effectiveness of the Red Team tools.

FIREEYE PRODUCTS PROTECT CUSTOMERS AGAINST THESE TOOLS

Teams across FireEye have worked to build the countermeasures to protect our customers and the broader community. We have incorporated these countermeasures into our products and shared them with our partners, including the Department of Homeland Security, who have incorporated the countermeasures into their products to provide broad coverage for the community. More information on the detection signatures available can be found in the GitHub repository.