Well, that’s embarrassing. A top cybersecurity firm, FireEye, says state-sponsored hackers managed to steal a copy of its investigative tools.
On Tuesday, FireEye disclosed the theft in an effort to warn the IT security community that the hackers could end up using the same tools against them. The stolen technology pertains to so-called “Red Team” hacking tools, which can simulate a cyber attack. FireEye will use them to test a client’s cybersecurity defenses and then offer recommendations.
“We have been performing Red Team assessments for customers around the world for over 15 years. In that time, we have built up a set of scripts, tools, scanners, and techniques,” the company wrote in the blog post.
So in the wrong hands, the same tools could be weaponized to infiltrate a company's network, search for vulnerabilities, and plant malware. Investigators probing the attack would also have trouble pinning down the culprit.
FireEye left unsaid when the hackers actually stole the tools or how the theft occurred. But according to The New York Times, the company strongly suspects a Russian intelligence agency was behind the theft.
The good news is that many of the stolen tools had already been released to the security community. Nor did they contain any zero-day exploits—or ways to attack a piece of software using a previously unknown vulnerability.
“The tools apply well-known and documented methods that are used by other red teams around the world,” the company added. “Although we do not believe that this theft will greatly advance the attacker’s overall capabilities, FireEye is doing everything it can to prevent such a scenario.”
To help protect the security community, the company has released a list of countermeasures against the tools on GitHub. "It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners," it added.