FireEye, one of the largest U.S. security companies, has been hacked. The hacking tools for the company’s internal use were stolen

. According to a FireEye release, it has been the target of a highly sophisticated attack, most likely behind a state with first-class IT offensive capabilities. According to the company, preliminary analyzes of the intrusion by the FBI (Federal Bureau of Investigation) and Microsoft, among others, also support the theory of a state attacker.

According to the company’s release, the attackers targeted their hack specifically at its internal Red Team tools, which FireEye uses to test its customers ’security. The Red Team toolkit includes a wide variety of attack tools and also utilizes real-world attack technologies such as CobaltStrike and Metasploit. Some of the tools are also publicly available as open source, but there are also closed source tools developed by the company itself. Stolen tools do not take advantage of so-called zero-day vulnerabilities or other unknown attack technologies.

Through GitHub, FireEye has released a set of tools for Snort, Yara, ClamAV, and HXIOC that allow it to defend itself against stolen tools. The security arsenal will be further updated in the future, in addition to which the company’s own products will of course already be able to defend themselves against stolen tools.

Source: Reuters, FireEye (1), (2)