FireEye, one of the world’s largest cyber security firms, announced on Tuesday that it had been hacked by ‘a highly sophisticated state-sponsored adversary’, which sources say is likely to be Russia.
The company announced the breach in a blog post revealing the attackers stole valuable hacking tools – known as Red Team tools – which are used by FireEye to test its own customers’ computer networks for weaknesses to attack.
It did not say when the hack happened or who it applied to but that it was ‘state sponsored’ and ‘a nation with top-tier offensive capabilities.’
FireEye didn’t label Russia as the culprit but the investigation is being handled by the FBI’s Russia specialists.
Sources also told multiple outlets the nation’s intelligence service is thought to be behind the attack.
FireEye is now working with the FBI as well as Microsoft to investigate the attack, amid fears that the tools falling into the wrong hands could be used to mount fresh attacks on governments and big businesses worldwide.
FireEye, one of the largest cyber security firms in the world, has been hacked
According to a source close to the investigation, the hackers were extraordinarily precise and specifically targeted the organization.
‘This was a sniper shot that got through,’ the FBI said.
Kevin Mandia, FireEye’s CEO who is also a former Air Force Officer, said the attack was ‘top-tier’.
‘Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.
‘We are witnessing an attack by a nation with top-tier offensive capabilities.
‘This attack is different from the tens of thousands of incidents we have responded to throughout the years,’ he wrote in the blog post.
Though Mandia stopped short of pointing the blame at Russia, sources said the investigation so far suggests the nation is behind the attack.
A source told The Wall Street Journal investigators believe Russia is responsible while a source told The Washington Post it appeared to be the work of the Russian SVR intelligence service.
FireEye CEO Kevin Mandia said the attack was carried out by ‘world class’ operatives
The hacker made off with a significant number of the firm’s tools but none of the tools contained zero-day exploits – where a vulnerability is found in a system by a hacker and exploited before the company realizes something is wrong and can fix it.
Mandia said the hacker primarily sought information related to certain government customers, something he said is ‘consistent with a nation-state cyber-espionage effort’.
So far there is no evidence that the attacker removed data from the FireEye’s primary systems that store customer information, Mandia said.
He added that customers would be notified directly if this did turn out to be the case.
At this point, none of the information that has been compromised has been used but Mandia said there was no way of knowing what the hackers wanted to do with it.
‘It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners,’ Mandia said.
The attacker could plan to use the tools themselves or to publicly disclose them.
The hackers accessed the company’s Red Team tools which, they say, ‘apply well-known and documented methods that are used by other red teams around the world.’
The company has developed and issued more than 300 counter measures for its customers to try to limit the impact.
Shares in FireEye plummeted by 7.22 percent in extended trading Tuesday to a low of $14.14 per unit after the news broke of the breach.
A motive for the attack is unclear.
However Gregory Touhill, president of AppGate Federal Group and former federal chief information security officer, told the Washington Post the state behind the attack might want to find out what FireEye knows about its capabilities in order to protect itself, or it could use the tools to look for weaknesses to exploit in others.
Shares in FireEye plummeted by 7.22 percent in extended trading Tuesday to a low of $14.14 per unit after the news broke of the breach
An FBI spokesman said in a statement it is investigating the attack but also refrained from naming Russia as the prime suspect.
‘The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state.
‘It is important to note that our adversaries are continuously looking for US networks to exploit.
‘That is why we are focused on imposing risk and consequences on malicious cyber actors, so they think twice before attempting an intrusion in the first place; why we are focused on quickly responding to victims and providing organizations with the information they need to defend their networks; and we are encourage anyone that notices suspicious activity to notify the FBI or the USSS.’
The nation’s Cybersecurity and Infrastructure Security Agency said Tuesday that it had no reports of FireEye’s tools being used maliciously, but warned that ‘unauthorized third-party users could abuse these tools to take control of targeted systems.’
Virginia Senator Mark Warner applauded FireEye for publicly disclosing the breach.
‘We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers,’ the Democrat said in a statement.
FireEye is one of the world’s top cyber security firms and has more than 9,600 clients including Sony and Equifax.
The company also has a partnership with the Department of Homeland Security.
The DHS has incorporated the countermeasures into its products already, FireEye said Tuesday.
According to a source close to the investigation, the hackers were extraordinarily precise. ‘This was a sniper shot that got through,’ they said.
FireEye has long been the cyber company of choice for government agencies and big corporations to both protect them from attack and track down the culprits when an attack does take place.
The company’s tools are used to simulate cyber attacks on its customers to identify weaknesses in their systems that can then be better protected.
Meanwhile, the firm has been brought in to investigate attacks on companies and government agencies.
It has also been at the forefront of investigating sophisticated state-backed hacking groups, including Russian groups trying to break into state and local governments in the US that administer elections.
FireEye is credited with uncovering that Russian military hackers were behind 2015 and 2016 attacks on Ukraine´s energy grid.
Tuesday’s announcement that one of the top cyber security firms in the world that works to protect and advise customers on attacks has itself been the victim of attack shows the sophisticated nature of the hacker.
It also comes at a time when the US has been focusing on breaches related to voting in the presidential election.
The recent attack is the biggest theft of cyber security tools since the National Security Agency was hacked and had its tools stolen in 2016, according to the New York Times.
The stolen tools later ended up dumped online over a number of months leaving the NSA as well as several government agencies open to attack.
FireEye is based in California and is worth $3.5billion. In 2013, the company acquired cyber firm Mandiant which was set up by Mandia in 2004. Mandia then became CEO of FireEye in 2016.