Hackers stole attack testing tools from cybersecurity firm FireEye


FireEye said the attack likely came from a nation-state.



The cybersecurity firm FireEye announced on Tuesday that it had suffered a cyberattack in which hackers stole the company’s attack-testing tools in a targeted heist. In a blog post, FireEye CEO Kevin Mandia said the hack most likely came from a nation-state attacker.

The hack hit one of the largest cybersecurity companies in the US — FireEye has investigated major cyberattacks, including the Equifax breach and the Democratic National Committee hack. The hackers stole FireEye’s “Red Team” tools — a collection of malware and exploits used to test customers’ vulnerabilities. None of the tools were zero-day exploits (vulnerabilities that don’t have a fix), Mandia said. 

“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said in his post. “This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

The firm said it’s working with the Federal Bureau of Investigation to determine how it was hacked, as well as with partners like Microsoft.

The FBI and Microsoft didn’t immediately respond to requests for comment.

Mandia said the company hasn’t seen any evidence that its stolen tools have been used, but will continue to monitor for any activity. FireEye has also released countermeasures for its own attack tools on GitHub.

In a Securities and Exchange Commission filing, FireEye noted that the attacker’s methods were highly sophisticated and included techniques to cover their tracks and make any forensic investigation difficult.
