Nation-state hackers with access to advanced tools broke into the network of U.S. cybersecurity firm FireEye and stole tools it uses to test the network defenses of its customers, the company announced Tuesday.
According to a statement from FireEye CEO Kevin Mandia, the attacker appears to be highly sophisticated and has access to advanced tools and used their “world-class capabilities specifically to target and attack” the company, which offers enterprise security tools to more than 9,600 customers across 103 countries.
Along with the FBI and Microsoft’s cybersecurity team, the company is conducting and investigation, but quickly determined that the attackers must be backed by a foreign government given their expertise.
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years.”
The threat actor sought information related to certain unnamed government customers, which Mandia said is consistent with a nation-state effort. However, the company doesn’t currently believe that customer information was exfiltrated.
The attackers accessed tools that the company uses to test the security posture of its customers and mimic the behavior of cyber threat actors.
These tools are designed to help the company develop diagnostic security services to its customers. However, none of the tools contain zero-day exploits, Mandia said in the statement.
The company is releasing methods and means of detecting the use of the stolen tools, and has developed more than 300 countermeasures for its customers.
Mandia said there is not yet evidence that attackers have actually used the stolen tools.
“We have seen no evidence to date that any attacker has used the stolen Red Team tools. We, as well as others in the security community, will continue to monitor for any such activity. At this time, we want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools.”
To address this, FireEye has prepared countermeasures that can detect or block the use of the stolen tools, implemented countermeasures into its security products and is sharing these countermeasures with the security community and in a publicly available blog post.
Mandia said the company is confident that it can continue to innovate and protect customers with its products.
“We’re confident in the efficacy of our products and the processes we use to refine them,” he said. “We have learned and continue to learn more about our adversaries as a result of this attack, and the greater security community will emerge from this incident better protected. We will never be deterred from doing what is right.”