Overview

On December 8, 2020, FireEye, a cybersecurity company, posted a blog stating that its internal network was attacked by a sophisticated organization and that FireEye Red Team tools were stolen.

According to FireEye, the stolen Red Team tools were mainly used to provide its customers with basic penetration testing services and did not contain zero-day exploits or unknown techniques. The tools involved include open-source tools, secondary development versions of open-source tools, and some independently developed weaponized tools. In terms of usage, the tools basically cover the various stages of the life cycle of attacks, such as persistence, privilege escalation, defense bypass, credential acquisition, information collection within the domain, and lateral movement. Some of these tools have already been released to the community and are already distributed in our open-source virtual machine, CommandoVM.