Large cybersecurity firm FireEye has been hit by a cyberattack, with hackers stealing its attack test tools in a targeted heist, the company said in a blog post Tuesday. CEO Kevin Mandia said the hack likely came from an attacker from a nation-state.
The hack hit one of the largest cybersecurity companies in the United States. FireEye has investigated major cyber attacks, includingand the . The hackers stole FireEye’s “Red Team” tools, a collection of malware and exploits used to test customers for vulnerabilities. Mandia said none of the tools were zero-day exploits (exploits for a vulnerability that has no patch).
“Based on my 25 years in cybersecurity and incident response, I concluded that we are witnessing an attack by a nation with world-class offensive capabilities,” Mandia said in his post. “This attack is unlike the tens of thousands of incidents we’ve responded to over the years. Attackers have tailored their world-class capabilities specifically to target and attack FireEye.”
The company said it was working with the FBI to determine how it was hacked, as well as with partners like Microsoft.
“The FBI is investigating the incident, and preliminary indications show an actor with a high level of sophistication consistent with a nation state,” said FBI deputy director of the Cyber Division Matt Gorham.
Microsoft has confirmed that it is participating in the investigation and noted that the hackers used a rare combination of techniques to steal the FireEye tools.
“This incident demonstrates why the security industry must work together to defend itself and respond to threats posed by well-funded adversaries using new and sophisticated attack techniques,” Microsoft said in a statement. “We applaud FireEye for its disclosure and collaboration, so that we can all be better prepared.”
Mandia said FireEye has seen no evidence that its stolen tools have been used, but the company will continue to monitor any activity. FireEye also has released countermeasures for its own attack tools on GitHub.
In a filing with the Securities and Exchange Commission, FireEye noted that the attacker’s methods were very sophisticated, using techniques that would cover their tracks and make any forensic investigation difficult. The combination of techniques had never been seen before by the company, Mandia said.
In 2017, a group of hackers stole, which enabled rampant hacks like the .
FireEye said it has seen no evidence that hackers have stolen data from the company or taken information from its customers.
“This news regarding FireEye is of particular concern because a nation-state actor has reportedly managed to get away with advanced tools that could help them mount future attacks,” said Representative Adam Schiff, chairman of the House Intelligence Selection Committee. “We have asked the relevant intelligence agencies to inform the committee in the coming days of this attack, the vulnerabilities that could result from it and actions to mitigate its impacts.”
Senator Mark Warner, a Democrat from Virginia and co-chair of the Senate Cybersecurity Caucus, praised FireEye for revealing the attack and urged other potential victims to do the same.
“We have come to expect and demand that companies take real action to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers,” Warner said. “As we have done with critical infrastructure, we need to rethink the kind of IT support the government provides to American businesses in the key industries we all depend on.”