This week, FireEye’s proprietary red team tools (pen-testing and hacking) were stolen. It appears the attack was executed by highly advanced nation-state threat groups after breaching FireEye systems with "novel” and “previously unseen” techniques.
This successful attack has critical implications. A new set of sophisticated hacking tools have joined the cyberattack arena that gives skilled threat actors a powerful new way to target attack surface weaknesses, vulnerabilities, and exposures worldwide. While these hijacked red team tools did not contain any 0-day exploits, they put digital assets outside the firewall, such as web apps, devices, services, pages, in immediate jeopardy.
RiskIQ's unique internet-wide visibility gives our customers an advantage in protecting their attack surfaces from this newly heightened threat. Our Illuminate Platform finds digital assets connected to an organization outside their internal network, providing visibility into those that may be vulnerable to attacks, including their critical CVEs.
Article Link: https://www.riskiq.com/blog/external-threat-management/fireeye-hacking-tools-cves/