American cybersecurity firm FireEye says it was on the receiving end of a cyberattack recently and that a government-backed hacking operation may have been behind it.
“A highly sophisticated state-sponsored adversary stole FireEye Red Team tools,” the company wrote in a Dec. 8 press release. “Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to use the stolen tools themselves or publicly disclose them, FireEye is releasing hundreds of countermeasures with this blog post to enable the broader security community to protect themselves against these tools.”
It’s unclear when the hack initially took place, but Reuters cited a source who told the publication that the company had been resetting user passwords “over the past two weeks.” The Federal Bureau of Investigation and Microsoft have been brought in to investigate.
“The FBI is investigating the incident, and preliminary indications show an actor with a high level of sophistication consistent with a nation-state,” Matt Gorham, assistant FBI director for the Cyber Division, told Reuters.
FireEye says the stolen tools range from simple scripts used to automate reconnaissance to entire frameworks similar to publicly available technologies such as CobaltStrike and Metasploit. Many of the Red Team tools have already been released to the community and are already distributed in the company’s open-source virtual machine, CommandoVM.
FireEye says there’s no evidence of the tools being used by threat actors – yet. A list of the countermeasure is available on the FireEye GitHub repository.