US cybersecurity company FireEye has been hacked by a state-sponsored agency.

Company tools used for testing customers' security were stolen, with the hacker focusing on government agencies. There is no evidence that FireEye’s hacking tools were used, or that client data was stolen.

Tools now out in the wild

FireEye
– Wiki Commons/Ordercrazy

"Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities," CEO Kevin Mandia said in a blog post.

"This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."

The company is investigating the attack in coordination with the FBI and partners like Microsoft. "Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques."

The assessment tools targeted test customers’ security by mimicking the behavior of many cyber threat actors to provide diagnostic security services.

"We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them," Mandia said.

"Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools."

The attacker primarily sought information related to certain government customers. They were able to access some FireEye internal systems, but the company claims there is no evidence that data was exfiltrated from the primary systems that store customer information.

“The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state,” said Matt Gorham, assistant FBI director for the Cyber Division.

Neither FireEye nor the FBI have revealed who they think is behind the attack, but the case has been referred to the FBI's Russia specialists.

FireEye previously identified Russian military intelligence units as being behind high-profile attacks on Ukraine's power grid and a Saudi petrochemical plant.

Further reading