FireEye, one of the world largest security firms, said today it was hacked and that a “highly sophisticated threat actor” accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.
In a press release today, FireEye CEO Kevin Mandia said the threat actor also searched for information related to some of the company’s government customers.
Mandia described the attacker as a “highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.”
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said in a statement released after markets closed.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” the FireEye top exec added.
“The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus.
“They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Microsoft confirms nation-state attribution
FireEye said its assessment was confirmed by Microsoft, which the company brought in to help investigate the breach.
The Federal Bureau of Investigation was also notified and is currently assisting the company, a major government contractor.
Because FireEye believes the attackers got their hands on its custom penetration testing tools, the company is now sharing indicators of compromise (IOC) and countermeasues on its GitHub account. The data from the GitHub will help other companies detect if hackers used any of FireEye’s stolen tools to breach their networks.
But despite the gloomy news, FireEye is not the first major security firm that got hacked by a nation-state group. Kaspersky disclosed a similar breach in 2015; RSA Security was also hacked in 2011 by a nation-state actor later linked to China; and Avast got hacked twice, the first time in 2017, and again in 2019.
Knowing they might be the target of the next attack, on Twitter, most cybersecurity professionals showed their support for the company and complimented FireEye for its quick disclosure.
“I applaud FireEye for quickly going public with this news, and I hope the company’s decision to disclose this intrusion serves as an example to others facing similar intrusions,” US Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, told ZDNet today.
“We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers.”
FireEye declined to comment on the attack’s attribution.