Earlier this week, FireEye publicly disclosed that a highly sophisticated actor had accessed their network and taken a copy of their Red Team’s tools. Red Team tools are often used by cyber security organisations to evaluate the security of networks. These same tools could be used to gain unauthorised access to victim networks.
The ACSC is working closely with FireEye and other intelligence partners to understand the risks facing Australian systems. To date there is no evidence these tools have been used against Australians.
FireEye have provided a repository of signatures to detect whether these tools may have been used against a network. All techniques listed as being used by FireEye are publicly known vulnerabilities. Ensuring an effective patching strategy, focusing on internet-facing systems, is the most effective mitigation against these tools. We recommend organisations follow advice provided in existing ACSC publications such as “Summary of Tactics, Techniques and Procedures Used to Target Australian Networks” and ASD’s “Essential Eight”.