FireEye is on the front lines defending companies and critical infrastructure globally from cyber threats.  Recently, we were attacked by a highly sophisticated threat actor,one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security.

We want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools. Specifically, here is what we are doing:

    • We have prepared countermeasures that can detect or block the use of our stolen Red Team tools.
    • We have implemented countermeasures into our security products.
    • We are sharing these countermeasures with our colleagues in the security community so that they can update their security tools.
    • We are making the countermeasures publicly available in our blog post, Unauthorized Access of FireEye Red Team Tools“.
    • We will continue to share and refine any additional mitigations for the Red Team tools as they become available, both publicly and directly with our security partners.