FireEye, one of the largest cybersecurity companies in the United States, has become the latest victim of a targeted cyberattack.
The company suggested that the breach was most likely carried out by a foreign government and led to the theft of an array of internal hacking tools typically used to test the cyber defences of its clients.
The cyber-attack on FireEye is especially galling given that the company has a number of business contracts across the national security space, both in the United States and among its allies.
Beyond the tool theft, it appears that the hackers could also have been interested in a subset of FireEye customers: government agencies.
The FireEye breach was disclosed in a public filing with the US Securities and Exchange Commission citing CEO Kevin Mandia.
In the SEC filing, FireEye noted that the attacker’s methods were highly sophisticated, using techniques that would cover their tracks and make any forensic investigation difficult. The combination of techniques hadn’t been seen before by the company, Mandia said.
It is not clear exactly when the hack initially took place.
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye.”
The firm said it’s working with the FBI to determine how it was hacked, as well as with partners like Microsoft.
“The FBI is investigating the incident, and preliminary indications show an actor with a high level of sophistication consistent with a nation-state,” said the FBI Cyber Division’s assistant director, Matt Gorham.
Microsoft confirmed that it was assisting with the investigation and noted that the hackers used a rare combination of techniques to steal FireEye’s tools.
“This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques,” Microsoft said in a statement.
“We commend FireEye for their disclosure and collaboration, so that we can all be better prepared.”
Senator Mark Warner, a Democrat from Virginia and co-chair of the Senate Cybersecurity Caucus, commended FireEye for disclosing the attack, and urged other potential victims to do the same.
“We have come to expect and demand that companies take real steps to secure their systems, but this case also shows the difficulty of stopping determined nation-state hackers,” Warner said.
“As we have with critical infrastructure, we have to rethink the kind of cyber assistance the government provides to American companies in key sectors on which we all rely.”