FireEye, one of the world’s biggest cyber security firms, is hacked ‘by Russians’

FireEye, one of the world’s largest cyber security firms, announced on Tuesday that it had been hacked by ‘a highly sophisticated state-sponsored adversary’, which a source said is likely to be Russia. 

The company announced the breach in a blog post on Tuesday, revealing that the hackers stole valuable hacking tools – known as Red Team tools – that are used to test a company’s computer networks for cyber weaknesses.

It did not say when the hack happened or who it applied to, only that it was ‘state sponsored’.

FireEye didn’t label Russia as the culprit but a source told The Wall Street Journal investigators believe the nation is behind the attack. 

A source also told The Washington Post it appeared to be the work of the Russian SVR intelligence service. 

FireEye is now working with the FBI as well as partners including Microsoft to investigate the attack. 

According to a source close to the investigation, the hackers were extraordinarily precise and specifically targeted the organization. 

‘This was a sniper shot that got through,’ the FBI said. 

According to a source close to the investigation, the hackers were extraordinarily precise. 'This was a sniper shot that got through,' they said.

Kevin Mandia, FireEye’s CEO, who is also a former Air Force officer, said the attack was ‘top-tier’.

‘Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.  

‘We are witnessing an attack by a nation with top-tier offensive capabilities. 

‘This attack is different from the tens of thousands of incidents we have responded to throughout the years,’ he wrote in the blog post. 

The hacker made off with a significant number of the firm’s tools. None of the tools stolen contain zero-day exploits – where a vulnerability is found in a system by a hacker and exploited before the company realizes something is wrong and fixes it.  

Mandia said the hacker primarily sought information related to certain government customers, something he said is ‘consistent with a nation-state cyber-espionage effort’. 

FireEye CEO Kevin Mandia said the attack was carried out by 'world class' operatives

So far there is no evidence that the attacker removed data from FireEye’s primary systems that store customer information, Mandia said.

He added that customers would be notified directly if this did turn out to be the case.  

At this point, none of the information that has been compromised has been used but Mandia said there was no way of knowing what the hackers wanted to do with it.  

The hackers accessed the company’s Red Team tools which, the company says, ‘apply well-known and documented methods that are used by other red teams around the world.’

‘It’s important to note that FireEye has not seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners,’ Mandia said. 

FireEye said it is not clear if the attacker plans to use the tools themselves or to publicly disclose them.   

The company has developed and issued more than 300 countermeasures for its customers to try to prevent any damage.

FireEye is one of the world’s top cyber security firms and has more than 9,600 clients, including Sony and Equifax.

The company also has a partnership with the Department of Homeland Security. 

The DHS has incorporated the countermeasures into its products already, FireEye said Tuesday.  

An FBI spokesman said in a statement: ‘The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state.

‘It is important to note that our adversaries are continuously looking for US networks to exploit.

‘That is why we are focused on imposing risk and consequences on malicious cyber actors, so they think twice before attempting an intrusion in the first place; why we are focused on quickly responding to victims and providing organizations with the information they need to defend their networks; and we encourage anyone that notices suspicious activity to notify the FBI or the USSS.’

FireEye is based in California and is worth $3.5 billion.