Earlier this week, FireEye publicly advised that a highly sophisticated state-sponsored actor had accessed their network and taken a copy of the FireEye Red Team tools. Red Team tools are often used by cyber security organisations to evaluate the security of networks. These same tools could be used to gain unauthorised access to victim networks.
The ACSC is working closely with FireEye and other cyber security partners to understand the risks facing Australian systems. To date there is no evidence these tools have been used against Australians.
FireEye has provided a repository of signatures to detect whether these tools may have been used against a network. Ensuring an effective patching strategy, focusing on internet-facing systems, is the most effective mitigation against these tools. We recommend organisations follow advice provided in existing ACSC publications such as “Summary of Tactics, Techniques and Procedures Used to Target Australian Networks” and ASD’s Essential Eight.