$3.5 billion cybersecurity giant FireEye says it was hacked by a 'nation with top-tier offensive capabilities,' and the attackers made off with its own hacking tools

  • FireEye, one of the world's leading cybersecurity firms, disclosed Tuesday that its systems were hacked by "a nation with top-tier offensive capabilities."

  • The firm has been on the forefront of the fight against cybercriminals for years, tracking advanced threat actors and defending companies and government agencies against cyberattacks.

  • The hackers compromised FireEye and stole its internal hacking tools using "a novel combination of techniques not witnessed by us or our partners in the past," CEO Kevin Mandia said in a blog post Tuesday.

  • FireEye did not disclose how or when the attack occurred, or who could have been behind it. But the FBI is now investigating Russian state-backed hackers in connection with the attack, the New York Times reported.

  • The FBI confirmed in a statement to Business Insider that the attack is being investigated, adding that it bears signs of "a high level of sophistication consistent with a nation state."


Hackers aligned with a foreign nation-state successfully breached the systems of FireEye, the $3.5 billion Silicon Valley cybersecurity giant, the company said on Tuesday. The attackers stole its proprietary "red team" hacking tools, used to assess a client's security and vulnerabilities, the company said.

FireEye has for years been a leader in the fight against cybercrime, producing regular intelligence reports on nation-state hacking and aiding companies and government agencies targeted by hackers. Stock in the company was down over 7% in after-hours trading on Tuesday following the announcement.

That activity has made FireEye a target for an unusually sophisticated attack, FireEye CEO Kevin Mandia wrote in a blog post published Tuesday.

Mandia noted that the attackers' methods bore evidence of "a nation with top-tier offensive capabilities," but did not disclose when the attack took place, how it was carried out, or who specifically could be behind the attack. A FireEye spokesperson declined to comment, redirecting Business Insider to Mandia's blog post.

"This attack is different from the tens of thousands of incidents we have responded to throughout the years," Mandia wrote. "They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past."

The firm is now coordinating with the FBI and Microsoft, another private sector heavyweight in the fight against nation-state hackers, Mandia wrote.

FBI cyber division assistant director Matt Gorham confirmed in a statement to Business Insider that the attack is being investigated, adding that it bears signs of "a high level of sophistication consistent with a nation state."

"It is important to note that our adversaries are continuously looking for US networks to exploit. That is why we are focused on imposing risk and consequences on malicious cyber actors, so they think twice before attempting an intrusion in the first place," Gorham said.

Evidence suggests that the attack could be the work of Russian-backed hackers, according to The New York Times, which reported Tuesday that the FBI is now investigating Russia's possible involvement. FireEye's threat intelligence unit, Mandiant, has previously reported on Russian hacking operations targeting other governments across the globe.

The hackers were able to access some of FireEye's "red team" tools used to test its clients' security, Mandia wrote in the blog post, adding that the firm does not know whether hackers have used those tools against others since stealing them. In the meantime, Mandia said FireEye has developed new countermeasures for customers meant to defend against the hacking tools, which have been published on GitHub.

FireEye sells cybersecurity software and threat intelligence to some of the largest companies in the world, with past clients including Sony, Equifax, and Vodafone, as well as public sector clients including the City of San Francisco.

On a few occasions in the past, hackers have stolen other organizations' red team tools and used them to devastating effect. Hacking tools stolen from the National Security Agency in 2016 were later used by hackers aligned with North Korea and Russia to inflict more than $10 billion in damages on various companies and government agencies.
